[lamps] CMS with SHAKE128 and SHAKE256 draft.

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Sun, 29 October 2017 12:15 UTC

From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: "spasm@ietf.org" <spasm@ietf.org>
CC: 'Russ Housley' <housley@vigilsec.com>
Date: Sun, 29 Oct 2017 12:15:49 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/W0oZaNcHYfz_SQxSXHcv0HbmAe8>
Subject: [lamps] CMS with SHAKE128 and SHAKE256 draft.

Hi all,

Since our group did not adopt SHA3s, I replaced them with SHAKE128 and SHAKE256 (as asked by Russ Housley, the chair) in this draft
https://tools.ietf.org/html/draft-housley-lamps-cms-sha3-hash-00, then generated a new draft posted at the link below.

https://datatracker.ietf.org/doc/draft-dang-lamps-cms-shakes-hash/

Since we use the SHAKEs, I specified KMAC for MAC.

Regards,
Quynh.

________________________________
From: Spasm <spasm-bounces@ietf.org> on behalf of Russ Housley <housley@vigilsec.com>
Sent: Friday, September 15, 2017 3:43 PM
To: spasm@ietf.org
Subject: [lamps] Starting work to CAA and SHAKE

I have been discussing the recharter with EKR, and he agrees that we should get started on this work even though the LAMPS re-charter is blocked on a bit of process.

Having completed the S/MIME 4.0 specifications and updates to support i18n email addresses in PKIX certificates, the LAMPS WG is now ready to work on two additional topics:

1. Specify a discovery mechanism for CAA records to replace the one described in RFC 6844.

2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and S/MIME.

Other topics can be considered when these two are progressing.


CAA

RFC 6844 describes the mechanism by which CAA records relating to a domain are discovered.  Implementation experience has demonstrated an ambiguity in the current processing of CNAME and DNAME records during discovery.  Subsequent discussion has suggested that a different discovery approach would resolve limitations inherent in the current approach.  We have seen at least two individual drafts on this topic.  I would like to have the WG adopt a rfc6844bis as a starting point.


SHAKE

Unlike the previous hashing standards, the SHA-3 functions are the outcome of an open competition.  They have a clear design rationale and have received a lot of public analysis, resulting in great confidence that the SHA-3 family of functions are very secure.  Also, since the design of the SHA-3 functions uses a very different construction from the SHA-2 functions, they offer an excellent alternative to the SHA-2 family of functions.  In particular, SHAKE128/256 and SHAKE256/512 offer security and performance benefits.  We have not seen any individual drafts on this yet.  It seems to me that one draft is needed for PKIX and another draft is needed for CMS and S/MIME.  Is anyone willing to work on them?

Russ