Re: [lamps] Starting work to CAA and SHAKE
"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Mon, 18 September 2017 14:36 UTC
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E04E71331E4 for <spasm@ietfa.amsl.com>; Mon, 18 Sep 2017 07:36:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.52
X-Spam-Level:
X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XbDD_DYjEVEG for <spasm@ietfa.amsl.com>; Mon, 18 Sep 2017 07:36:11 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF11D1321C9 for <spasm@ietf.org>; Mon, 18 Sep 2017 07:36:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10584; q=dns/txt; s=iport; t=1505745370; x=1506954970; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=asxM82OtiNVVnKWU8BMdPdqk/zZoNZyICGwFqr4s+4M=; b=JHHubFIBePIhkP7ZniQyTpNJ/JHAbQUZa5Sm3LS2GN/ovT5sz99tsPsg TH9jRpe4qVBux14NCRSHFf25Cq6LYR3oEdPYqcUNg0O/veE284NF3kQt2 hsV8ZPAzhYuHukmg8fTYcueQxdCPG+XFrClSGgz1AA0orgK8dz1kHj8bv 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CyAADC2L9Z/5NdJa1cGQEBAQEBAQEBAQEBBwEBAQEBgm9AK2RuJweODo92gXSQZ4U/DoIEChgBCoUYAoRHPxgBAgEBAQEBAQFrKIUYAQEBAQMBAStBGwIBCBEEAQEoBycLFAkIAgQBEgiIWW5kEKxAiyoBAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYMrggKBUIFjgyiERQESAVWFPQWYQIhIApRKkwGVCAIRGQGBOAEfOIECC3cVSYccdoVhgSOBDwEBAQ
X-IronPort-AV: E=Sophos;i="5.42,413,1500940800"; d="scan'208,217";a="296821666"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Sep 2017 14:36:09 +0000
Received: from XCH-RCD-008.cisco.com (xch-rcd-008.cisco.com [173.37.102.18]) by rcdn-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id v8IEa9fj020199 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 18 Sep 2017 14:36:09 GMT
Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-RCD-008.cisco.com (173.37.102.18) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 18 Sep 2017 09:36:09 -0500
Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1263.000; Mon, 18 Sep 2017 09:36:08 -0500
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>, Russ Housley <housley@vigilsec.com>, "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] Starting work to CAA and SHAKE
Thread-Index: AQHTLlrfXIZ8m4v8P0uw3FozVLbwJKK60vAA///VVBA=
Date: Mon, 18 Sep 2017 14:36:08 +0000
Message-ID: <8b3e335ad93d426eb359a8dd053793d2@XCH-ALN-010.cisco.com>
References: <D774A9B1-F765-4BDA-9D78-D584B4B0EFF8@vigilsec.com> <CY4PR09MB1464DDE2B16AE0E869D93866F3630@CY4PR09MB1464.namprd09.prod.outlook.com>
In-Reply-To: <CY4PR09MB1464DDE2B16AE0E869D93866F3630@CY4PR09MB1464.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.108.5]
Content-Type: multipart/alternative; boundary="_000_8b3e335ad93d426eb359a8dd053793d2XCHALN010ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/P_00VWvpC-ol8V0M-8IJ1T_rRYE>
Subject: Re: [lamps] Starting work to CAA and SHAKE
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Sep 2017 14:36:13 -0000
+1 Happy to work with Quynh on the X.509 SHAKE draft as well. Panos From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Dang, Quynh (Fed) Sent: Monday, September 18, 2017 7:05 AM To: Russ Housley <housley@vigilsec.com>; spasm@ietf.org Subject: Re: [lamps] Starting work to CAA and SHAKE Hi Russ and all, Yes, I am willing to work on the item 2. Regards, Quynh. ________________________________ From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> on behalf of Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>> Sent: Friday, September 15, 2017 3:43:01 PM To: spasm@ietf.org<mailto:spasm@ietf.org> Subject: [lamps] Starting work to CAA and SHAKE I have been discussing the recharter with EKR, and he agrees that we should get started on this work even though the LAMPS re-charter is blocked on a bit of process. Having completed the S/MIME 4.0 specifications and updates to support i18n email addresses in PKIX certificates, the LAMPS WG is now ready to work on two additional topics: 1. Specify a discovery mechanism for CAA records to replace the one described in RFC 6844. 2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and S/MIME. Other topics can be considered when these two are progressing. CAA RFC 6844 describes the mechanism by which CAA records relating to a domain are discovered. Implementation experience has demonstrated an ambiguity in the current processing of CNAME and DNAME records during discovery. Subsequent discussion has suggested that a different discovery approach would resolve limitations inherent in the current approach. We have seen at least two individual drafts on this topic. I would like to have the WG adopt a rfc6844bis as a starting point. SHAKE Unlike the previous hashing standards, the SHA-3 functions are the outcome of an open competition. They have a clear design rationale and have received a lot of public analysis, resulting in great confidence that the SHA-3 family of functions are very secure. Also, since the design of the SHA-3 functions use a very different construction from the SHA-2 functions, they offer an excellent alternative to the SHA-2 family of functions. In particular, SHAKE128/256 and SHAKE256/512 offer security and performance benefits. We have not seen any individual drafts on this yet. It seems to me that one draft is needed for PKIX and another draft is needed for CMS and S/MIME. Is anyone willing to work on them? Russ _______________________________________________ Spasm mailing list Spasm@ietf.org<mailto:Spasm@ietf.org> https://www.ietf.org/mailman/listinfo/spasm
- [lamps] Starting work to CAA and SHAKE Russ Housley
- Re: [lamps] Starting work to CAA and SHAKE Salz, Rich
- Re: [lamps] Starting work to CAA and SHAKE Dr. Pala
- Re: [lamps] Starting work to CAA and SHAKE Russ Housley
- Re: [lamps] Starting work to CAA and SHAKE Russ Housley
- Re: [lamps] Starting work to CAA and SHAKE Phillip Hallam-Baker
- Re: [lamps] Starting work to CAA and SHAKE Salz, Rich
- Re: [lamps] Starting work to CAA and SHAKE Phillip Hallam-Baker
- Re: [lamps] Starting work to CAA and SHAKE Dang, Quynh (Fed)
- Re: [lamps] Starting work to CAA and SHAKE Panos Kampanakis (pkampana)
- [lamps] CMS with SHAKE128 and SHAKE256 draft. Dang, Quynh (Fed)