IETF Logo Mail Archive

Re: [lamps] [EXT] Re: WGLC for draft-ietf-lamps-cms-sha3-hash

Russ Housley <housley@vigilsec.com> Wed, 07 February 2024 16:08 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19F62C14F68D for <spasm@ietfa.amsl.com>; Wed, 7 Feb 2024 08:08:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pkAqb5j7AqTd for <spasm@ietfa.amsl.com>; Wed, 7 Feb 2024 08:08:49 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1777FC14F618 for <spasm@ietf.org>; Wed, 7 Feb 2024 08:08:49 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 7562515295A; Wed, 7 Feb 2024 11:08:48 -0500 (EST)
Received: from smtpclient.apple (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 5FAE31527F3; Wed, 7 Feb 2024 11:08:48 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <C61A2777-D678-4B8F-B20B-303CDBF195BE@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6CE37B1B-D157-4FCB-B46B-875208983230"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Wed, 07 Feb 2024 11:08:38 -0500
In-Reply-To: <7D181DEE-933F-4E19-82BB-F3CE9BD15504@ll.mit.edu>
Cc: Daniel Van Geest <daniel.vangeest.ietf@gmail.com>, SPASM <spasm@ietf.org>
To: Uri Blumenthal <uri@ll.mit.edu>
References: <SN7PR14MB6492B10C0593B89D36FE221E837D2@SN7PR14MB6492.namprd14.prod.outlook.com> <CH0PR11MB5739C5F3417263871C60C5649F462@CH0PR11MB5739.namprd11.prod.outlook.com> <CH0PR11MB5739E26AF94E538B30D440389F462@CH0PR11MB5739.namprd11.prod.outlook.com> <0F0F606F-6B33-4896-ACDF-8388E28BC258@vigilsec.com> <02e401da59db$d2d2c830$78785890$@gmail.com> <7D181DEE-933F-4E19-82BB-F3CE9BD15504@ll.mit.edu>
X-Mailer: Apple Mail (2.3731.700.6)
X-Scanned-By: mailmunge 3.11 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/OWVBw20UvI5wJnN9lEh-tskV9CE>
Subject: Re: [lamps] [EXT] Re: WGLC for draft-ietf-lamps-cms-sha3-hash
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2024 16:08:53 -0000

Uri:

KMAC with SHAKE128 and KMAC with SHAKE256 are already specified for use as Message Authentication Codes in RFC 8702.

Russ

> On Feb 7, 2024, at 10:50 AM, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> wrote:
> 
> >   So then, are there any suggestions on what to do with this?  Keep hkdf-with-sha3* and make @Markku-Juhani O. Saarinen <mailto:mjos@pqshield.com> unhappy? 
>  
> I’m against it. I.e., count me as “unhappy” in this case too.
>  
> >  Slide KMAC into draft-ietf-lamps-cms-sha3-hash? Spin up a new draft for KMAC? 
>  
> Spinning up a new draft for KMAC sounds reasonable. I wouldn’t worry that it uses cSHAKE rather than SHA3.
>  
> >  Define an OID for KMAC in draft-ietf-lamps-cms-kyber (yuck)?
>  
> My gut feeling is “No”.
>  
> >  Force draft-ietf-lamps-cms-kyber to use KDF3 like rfc5990bis (and further commit to a paywalled spec)?
>  
> Absolutely not.
>  
>  
>  
> From: Spasm <spasm-bounces@ietf.org <mailto:spasm-bounces@ietf.org>> On Behalf Of Russ Housley
> Sent: Tuesday, February 6, 2024 8:51 PM
> To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org <mailto:Mike.Ounsworth=40entrust.com@dmarc.ietf.org>>; Markku-Juhani O. Saarinen <mjos@pqshield.com <mailto:mjos@pqshield.com>>
> Cc: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org <mailto:tim.hollebeek=40digicert.com@dmarc.ietf.org>>; SPASM <spasm@ietf.org <mailto:spasm@ietf.org>>
> Subject: Re: [lamps] WGLC for draft-ietf-lamps-cms-sha3-hash
>  
> Mike and Markku:
>  
> Section 5 was added in October 2023because someone asked for KDFs.  I do not recall the source of the request.
>  
> Russ
> 
> 
> 
>> On Feb 6, 2024, at 3:21 PM, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org <mailto:Mike.Ounsworth=40entrust.com@dmarc.ietf.org>> wrote:
>>  
>> Sorry, too quick on the SEND.
>>  
>> Markku is questioning why we need section 5.1 HKDF with SHA3.
>>  
>> ---
>> Mike Ounsworth
>>  
>> From: Spasm <spasm-bounces@ietf.org <mailto:spasm-bounces@ietf.org>> On Behalf Of Mike Ounsworth
>> Sent: Tuesday, February 6, 2024 2:20 PM
>> To: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org <mailto:tim.hollebeek=40digicert.com@dmarc.ietf.org>>; SPASM <spasm@ietf.org <mailto:spasm@ietf.org>>; Markku-Juhani O. Saarinen <mjos@pqshield.com <mailto:mjos@pqshield.com>>
>> Subject: [EXTERNAL] Re: [lamps] WGLC for draft-ietf-lamps-cms-sha3-hash
>>  
>> I’m just gonna lob this in on @Markku-Juhani O. Saarinen <mailto:mjos@pqshield.com>’s behalf.
>>  
>> He commented this morning that it’s un-necessary to do HMAC with SHA3. If you need a MAC, then KMAC is a single invocation of SHA3 vs two invocations in HMAC. And if you only need a KDF then (I think?) naked SHA3 is fine?
>>  
>> I’ll leave it to Markku to give the details here, but I wanted to make sure this got logged before WGLC closes.
>>  
>> ---
>> Mike Ounsworth
>>  
>> From: Spasm <spasm-bounces@ietf.org <mailto:spasm-bounces@ietf.org>> On Behalf Of Tim Hollebeek
>> Sent: Tuesday, January 30, 2024 2:43 PM
>> To: SPASM <spasm@ietf.org <mailto:spasm@ietf.org>>
>> Subject: [EXTERNAL] [lamps] WGLC for draft-ietf-lamps-cms-sha3-hash
>>  
>> Hello,
>>  
>> Russ has suggested that draft-ietf-lamps-cms-sha3-hash might be ready for WGLC, and since it’s a pretty simple draft that seems like a pretty reasonable way to flush out any remaining comments and problems.
>>  
>> Therefore this is the WGLC for draft-ietf-lamps-cms-sha3-hash:
>>  
>> Use of the SHA3 One-way Hash Functions in the Cryptographic Message Syntax (CMS)
>> https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-sha3-hash/
>>  
>> Abstract
>>  
>>    This document describes the conventions for using the four one-way
>>    hash functions in the SHA3 family with the Cryptographic Message
>>    Syntax (CMS).
>>  
>> Please send comments to the list by 12 February 2024.
>>  
>> -Tim
>>  
>> _______________________________________________
>> Spasm mailing list
>> Spasm@ietf.org <mailto:Spasm@ietf.org>
>> https://www.ietf.org/mailman/listinfo/spasm
> 
>  
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org <mailto:Spasm@ietf.org>
> https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email