Re: [lamps] Adoption call for draft-housley-lamps-cms-sha3-hash

Michael StJohns <msj@nthpermutation.com> Sun, 29 October 2023 03:50 UTC

Content-Type: multipart/alternative; boundary="------------0F1LxxLN2PbW87ksZI3S81Po"
Message-ID: <2d75918b-4815-4ec9-9e6f-74472af97a73@nthpermutation.com>
Date: Sat, 28 Oct 2023 23:49:56 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: spasm@ietf.org
References: <SN7PR14MB64924398A13D7C521AEDF4B283DCA@SN7PR14MB6492.namprd14.prod.outlook.com> <bfa2812c899541cc84f7c5abb38ee435@amazon.com> <597E6452-69BF-41EE-A3EB-19AF0A01304C@vigilsec.com> <CH0PR11MB573915B912FA76F9D2A8B3239FA3A@CH0PR11MB5739.namprd11.prod.outlook.com> <fb2e4bbe95964d8e9015e3787385fa53@amazon.com>
From: Michael StJohns <msj@nthpermutation.com>
In-Reply-To: <fb2e4bbe95964d8e9015e3787385fa53@amazon.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/WWvSkgmiS2cHSnpVJ8DINgTSQOA>
Subject: Re: [lamps] Adoption call for draft-housley-lamps-cms-sha3-hash
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Oct 2023 03:50:04 -0000

IMHO - These are somewhat orthogonal items.   Russ' document is useful 
irrespective of Mike's KEM stuff, and I'd like to see it move 
forward on that basis.

(Also, 
https://csrc.nist.gov/Projects/computer-security-objects-register/algorithm-registration 
has the OID registration for id-sha3-256, so for the use Mike is asking 
about, it's unclear his document actually depends on Russ' document.  
That said, it's usually useful to have an IETF publication of the NIST 
allocations, as RFCs tend to be a bit easier to find for our participants.)

If you want draft-ietf-lamps-pq-composite-kem to use SHAKE exclusively, 
that's more a discussion that needs to happen on the list with respect 
to that draft.  Alternately, do what is more flexible and define 
multiple kda-??? KEY-DERIVATION ::= {} constructs to support both SHAKE 
and SHA-3.

So I'd suggest it may be better to avoid discussions about which is 
better and try to practice algorithmic pluralism in the way we define 
things.  In other words, allocate top-level OIDs for both a SHAKE and a 
SHA-3 variant of the KDF and include those in the ASN.1.

Later, Mike


On 10/28/2023 10:37 PM, Kampanakis, Panos wrote:
>
> Hi Mike,
>
> > I guess this is a design choice that the WG can discuss. We could 
> instead use id-shake-256 from RFC8702, which is usable as a digest 
> algorithm as per section 3.1, but why? If what I actually want is a 
> hash function, then why can’t I have a hash function?
>
> I suggest discussing this at IETF-118. SHAKEs are XOFs but can be used 
> just fine as hashes with constant output size. Their performance is 
> better, and generally that is the reason they have been favored and more 
> adopted than SHA-3 (in the same family).
>
> *From:* Spasm <spasm-bounces@ietf.org> *On Behalf Of * Mike Ounsworth
> *Sent:* Saturday, October 28, 2023 2:08 PM
> *To:* Russ Housley <housley@vigilsec.com>; Kampanakis, Panos 
> <kpanos@amazon.com>
> *Cc:* LAMPS <spasm@ietf.org>
> *Subject:* RE: [EXTERNAL] [lamps] [EXTERNAL] Re: Adoption call for 
> draft-housley-lamps-cms-sha3-hash
>
> Panos,
>
> Specifically, draft-ietf-lamps-pq-composite-kem instantiates RSA-KEM 
> (RFC5990bis) with:
>
> keyDerivationFunction  kda-kdf3 with id-sha3-256
>
> See:
>
> https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pq-composite-kem-02#name-rsa-kem-parameters
>
> Therefore, I need an OID for id-sha3-256.
>
> I guess this is a design choice that the WG can discuss. We could 
> instead use id-shake-256 from RFC8702, which is usable as a digest 
> algorithm as per section 3.1, but why? If what I actually want is a 
> hash function, then why can’t I have a hash function?
>
> - Mike Ounsworth
>
> ------------------------------------------------------------------------
>
> *From:*Spasm <spasm-bounces@ietf.org> on behalf of Russ Housley 
> <housley@vigilsec.com>
> *Sent:* Saturday, October 28, 2023 10:44:57 AM
> *To:* Panos Kampanakis <kpanos@amazon.com>
> *Cc:* LAMPS <spasm@ietf.org>
> *Subject:* [EXTERNAL] Re: [lamps] Adoption call for 
> draft-housley-lamps-cms-sha3-hash
>
> Panos:
>
> Mike Ounsworth needs these OIDs to be available, and the easiest 
> solution was to just publish the previously abandoned I-D.
>
> Russ
>
>     On Oct 27, 2023, at 11:00 PM, Kampanakis, Panos
>     <kpanos=40amazon.com@dmarc.ietf.org> wrote:
>
>     Hi Russ,
>
>     I was under the impression that SHAKEs for CMS and X.509 would
>     suffice for introducing the Keccak family to these standards.
>     SHAKEs have the same security and better performance. I thought
>     that was the reason draft-turner-lamps-adding-sha3-to-pkix never
>     made it.
>
>     Is there a reason why someone would use SHA-3 in CMS instead of
>     SHAKE128 or SHAKE256 (RFC8702)?
>
>     *From:*Spasm <spasm-bounces@ietf.org
>     <mailto:spasm-bounces@ietf.org>>*On Behalf Of*Tim Hollebeek
>     *Sent:*Friday, October 27, 2023 11:39 AM
>     *To:*SPASM <spasm@ietf.org <mailto:spasm@ietf.org>>
>     *Subject:*[EXTERNAL] [lamps] Adoption call for
>     draft-housley-lamps-cms-sha3-hash
>
>     Hello,
>
>     Russ has asked for an adoption call for this short document that
>     explains how to use SHA-3 with CMS.  Since people may be traveling
>     to IETF 118, we'll do a three week adoption call.
>
>     https://datatracker.ietf.org/doc/html/draft-housley-lamps-cms-sha3-hash-00
>
>     Abstract
>
>     This document describes the conventions for using the four one-way
>     hash functions in the SHA3 family with the Cryptographic Message
>     Syntax (CMS).
>
>     Please indicate whether you support adoption, and optionally
>     indicate why, on the list by 17 November 2023.
>
>     For the chairs,
>
>     -Tim
>
>     _______________________________________________
>     Spasm mailing list
>     Spasm@ietf.org <mailto:Spasm@ietf.org>
>     https://www.ietf.org/mailman/listinfo/spasm
>
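The thread above turns on two points: RSA-KEM in the composite-KEM draft instantiates kda-kdf3 with a fixed-output hash, and SHAKE256 "used as a hash" is a different function from SHA3-256 even at the same output length, so the KDF identifier has to pin down which one was used. The following is an added example, not code from the thread, from the LAMPS drafts or from any cited RFC. It assumes the KDF3 counter construction is Hash(Z || counter || OtherInfo) with a 4-byte big-endian counter starting at 0 (check that against the RSA-KEM specification you implement before relying on it), and the digest OIDs in the registry table are taken from the NIST CSOR registry linked in the message and should be verified there. The registry-keyed dispatch is the "algorithmic pluralism" Mike StJohns suggests: both hash choices are supported side by side and selected by identifier rather than argued over.

```python
"""
Added example (not from the thread or from any LAMPS draft): a KDF3-style
counter-mode KDF for RSA-KEM, parameterised over SHA3-256 and SHAKE256
used as a 32-byte hash, with dispatch keyed by digest algorithm OID.

Assumption: KDF3 is modelled as Hash(Z || counter || OtherInfo), 4-byte
big-endian counter starting at 0. Verify against the RSA-KEM spec.
"""
import hashlib
from typing import Callable, Dict, Tuple

HashFn = Callable[[bytes], bytes]


def sha3_256(data: bytes) -> bytes:
    """Fixed-length SHA3-256 (FIPS 202), 32-byte output."""
    return hashlib.sha3_256(data).digest()


def shake256_32(data: bytes) -> bytes:
    """SHAKE256 XOF with its output length fixed at 32 bytes (RFC 8702 style)."""
    return hashlib.shake_256(data).digest(32)


# Digest OID -> (name, hash function, output length in bytes).
# OIDs taken from the NIST CSOR registry linked in the message; verify before use.
DIGEST_REGISTRY: Dict[str, Tuple[str, HashFn, int]] = {
    "2.16.840.1.101.3.4.2.8": ("id-sha3-256", sha3_256, 32),
    "2.16.840.1.101.3.4.2.12": ("id-shake256", shake256_32, 32),
}


def kdf3(hash_fn: HashFn, h_len: int, z: bytes, length: int,
         other_info: bytes = b"") -> bytes:
    """Counter-mode KDF: concatenate Hash(Z || I2OSP(counter, 4) || OtherInfo)
    blocks until `length` bytes are produced, then truncate."""
    if length <= 0:
        raise ValueError("requested key length must be positive")
    out = bytearray()
    counter = 0
    while len(out) < length:
        if counter >= 2 ** 32:
            raise ValueError("counter overflow: requested length too large")
        block = hash_fn(z + counter.to_bytes(4, "big") + other_info)
        if len(block) != h_len:
            raise ValueError("hash output length does not match registry entry")
        out += block
        counter += 1
    return bytes(out[:length])


def derive_kek(digest_oid: str, z: bytes, length: int,
               other_info: bytes = b"") -> bytes:
    """Derive a key-encryption key from the KEM shared secret Z, selecting the
    hash by the digest OID carried in the KDF parameters. Unknown OIDs are
    rejected rather than silently defaulted."""
    try:
        _name, hash_fn, h_len = DIGEST_REGISTRY[digest_oid]
    except KeyError:
        raise ValueError(f"unsupported digest OID {digest_oid}") from None
    return kdf3(hash_fn, h_len, z, length, other_info)


def shake256_equals_sha3_256(data: bytes) -> bool:
    """Always False: SHA3-256 and SHAKE256 use different padding suffixes
    (01 vs 1111), so a 32-byte SHAKE256 output is never the SHA3-256 digest.
    This is why the KDF must name the exact function, not just 'Keccak-256'."""
    return hashlib.shake_256(data).digest(32) == hashlib.sha3_256(data).digest()


if __name__ == "__main__":
    # Constructed sample shared secret; a real Z comes from RSA-KEM decapsulation.
    z = bytes(range(32))
    for oid, (name, _fn, _hl) in DIGEST_REGISTRY.items():
        print(name, derive_kek(oid, z, 32).hex())
    print("SHAKE256/32 == SHA3-256 ?", shake256_equals_sha3_256(z))
```

If the sender derives the KEK under id-sha3-256 and the receiver, treating the two as interchangeable, derives under id-shake256, the two KEKs differ and the wrapped content-encryption key fails to unwrap; the registry dispatch makes that a decode-time error on the identifier rather than a silent mismatch.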