Re: [lamps] Mail regarding draft-ietf-lamps-cmp-algorithms
"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Tue, 15 December 2020 07:22 UTC
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 463133A0B87 for <spasm@ietfa.amsl.com>; Mon, 14 Dec 2020 23:22:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.1
X-Spam-Level:
X-Spam-Status: No, score=0.1 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lbiZ49GgSehi for <spasm@ietfa.amsl.com>; Mon, 14 Dec 2020 23:22:26 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150057.outbound.protection.outlook.com [40.107.15.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4C4E3A0B6E for <spasm@ietf.org>; Mon, 14 Dec 2020 23:22:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KEqwAUacVJeS4N6E2Y3deGetTwbNNvdiDLevdAYGAp4fCYW/msHhKLd7jmr5npZ/hQHm/ogp7w1eRjZDnXi2OQ1mrub6aOOtvxRv4Ql+PGZGl+dWPk0cplB4E8iYTMJz2qsl264hxFw82siQ0vEw349Fbkmd4nIS/3/JDGTu1YgoHBXCxyhtBFw9x+g7VHuaEacSK6JM+tAqhpZ6zex8qZEdOTRG3BoM57fODNWLL+lIcorezC2kCkJymSjz2gez8y0+7hcnlogTpLAuDLLaYV74H0v6JyACd/K7+vNek5YIyqU3Yv9KssXg/AWVtm/nCMp7gR9CqHPn0hwrYRjKAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZWuhUttiZXEpaPoNVRLq4b7QT97FkEDMpAOAN5WlHJk=; b=QcFXUfyi4IY8oAAr8kqG5Cw8U7y4iPpe6b/M0iYPFoaRZm+9MwlFRH1TG86+YQux32l5kn8ZFvAC86XIQHrhhh6U4ot71SRzyf5QTtiiWGqlRH/F1fV+MsIszOhE8QEQ0gxfX/LiOpsaaSApBdNhKUZg04uys2DgLYGVvsJ/iY0Yu4xYGx9oriuimLBekINGjdQPoH9gbIvEhvwDHb2izzIsyySZDmfNOYgZuBDzdF5pkFdk/23gG9NQLgsKej5S5ItgJYUS5PmJAILiE1t5dfLAJKd3wx/whuwiNSpUYL4OKmpjUIouJcH2aFCpzXk3tyCC12fcabFiz8jJBNrWsg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector1-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZWuhUttiZXEpaPoNVRLq4b7QT97FkEDMpAOAN5WlHJk=; b=Yat+bBR3Q+8r2ELRTd+LJ+RDvba16CX5cuqZn8/kzx2hes05DbIY7wzTjkMxUSM3POJ/NFGRdC0jJbCjS3gIddrDlayO+roB3WXUbHHuFwhmcGynFq3uZ1kiNmGwSI6S3e92kkm5KKZ78LEUNR7H2zKztC/BTfeJAQhKQG+nmWw=
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:dd::17) by AM9PR10MB4213.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1cd::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.24; Tue, 15 Dec 2020 07:22:23 +0000
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::a5a7:8af9:1e22:1d69]) by AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::a5a7:8af9:1e22:1d69%7]) with mapi id 15.20.3654.024; Tue, 15 Dec 2020 07:22:23 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Lijun Liao <lijun.liao@gmail.com>
CC: Russ Housley <housley@vigilsec.com>, "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: Mail regarding draft-ietf-lamps-cmp-algorithms
Thread-Index: AQHW0MqJja16stmT1UK1L4/mhTvoY6n2J3ZAgAB6XgCAAApo4IAAUu4AgAAZ3wCAAKKt8A==
Date: Tue, 15 Dec 2020 07:22:23 +0000
Message-ID: <AM0PR10MB24188B586A77823772BCD2ECFEC60@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
References: <CANNx7D_=oQnDm-hFc=F1ie9KM2UfvTRCUjajfwfY9briS0dDdg@mail.gmail.com> <AM0PR10MB24180E4230B73681BE369678FEC70@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM> <CANNx7D9pSYucE3oaBZ5CM+pmUXT5MAk5cttcxE87LhyuEWhKYQ@mail.gmail.com> <AM0PR10MB241866B0E0107177F147F7DAFEC70@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM> <CANNx7D9hVJnR_6i6_j=xZefBUPgfea1f+uaaXJPadbVWXabAfQ@mail.gmail.com> <CANNx7D8OM9R=4NDSAu=pW7mgosx-FRoctc86JTmZp6cvPYQASg@mail.gmail.com>
In-Reply-To: <CANNx7D8OM9R=4NDSAu=pW7mgosx-FRoctc86JTmZp6cvPYQASg@mail.gmail.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2020-12-15T07:22:21Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=ab502099-008d-4b43-875b-217ae0225e8c; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0
document_confidentiality: Restricted
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=siemens.com;
x-originating-ip: [165.225.200.184]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 687ee572-026e-4073-b185-08d8a0ca2aa7
x-ms-traffictypediagnostic: AM9PR10MB4213:
x-microsoft-antispam-prvs: <AM9PR10MB421305562C5BB8D10BA133FEFEC60@AM9PR10MB4213.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: CBXiRzMtv0taw0IWRFuSWpnzOwWkfDYuKoDsiJekdDR9soTz/k9+dZaHY6fGxUrBvkSRJUvSN4i/0cA42QORx5//2PiwBOlNTGxR+fzBBhlap9dCXvR3YaqEAmnzEH2u95WuLfO+K1pY51qODiTwwukyFQ4dtJ0Xs52fR2p/bcUWN5ainOQWkEokjMiEViiTaGrUDMSjrRc7hLW9oSo4chca3kEOrBzm+PFE0pzAmtWa/yBpgJzEQU1nZnIp861/5vb0EVamnhrP+g1I6vsW7a9t/Iow77LaQHcHl2jpizMaWl4PPz+7m2Ogs42thqdT/RXmJX4KD5nF+GoeFxbCoaP1+JPlHL4yQ/0SuMol0bvWHH8lLCD0GOjnSzneDHLxzwqXk6iQvNHNAJ2If8bhivdN6w2ujEZGjn5LJ4TafY4Aq6LqMLHOx1KQairUUU0O3xj5lm2lTaSfnr574VuwPQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(396003)(39860400002)(376002)(346002)(136003)(366004)(66556008)(86362001)(8936002)(8676002)(55236004)(4326008)(186003)(6506007)(9686003)(64756008)(52536014)(66476007)(53546011)(55016002)(76116006)(26005)(66946007)(66446008)(5660300002)(54906003)(71200400001)(316002)(7696005)(83080400002)(83380400001)(166002)(6916009)(478600001)(2906002)(33656002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: GPFBBmQK7pzBg/AQti1EepVgiccpVbzqJO2w+x8UIrkdJsi7AiFKwMTVUj/6go8WfvsscsEVDtbqfXw5PeuRL2i30IyAw8giqfyQ9s5C6i79ckw94Xfjk1iBX+QvVY7zPyx2bV/uMrhT3VWcbrtpGU9lZpUYFaHoeuON+qWPX2SB9R++g2tSUoMF0JFuWTu0A0qCGON7KOxso5h3D/W9+aid3n0kUUiw7xtlCuluCPBMzsaKvhWGWrEfGMRT0ZQ/ut3jRVACOBjFEdd3Zt/TV7awRcqwowvnxrwESv3iKJq9IUE6kjX8aDRTrpqmwxVyT5am5uqzpoFQAaaoa1uFNlZGNjTmPBbvZ97JSAq0dr8QiOL1gm3VntJYmZ2/WQ8f2bAo8xhDFZdUCpy4QdPuJMvzNRcrBdfyMdtMdsARptGIAHwyEUMBHrWlJ7p1s+yvcKD2B5OnUzj8TfceCntqXO9ZMOGZ3v4ryImvkx82QxmZ0EjECriXAAuJRQJXV7NEFFBVDTqPey4RX+RhQwVnUFMIhwt+0uKux/KRpCxhU8+ANCu6+9d1BhNScF38TTDzP4NyoA6PVVEWLgQS/GKrQ2wrhB5Rf9Go433d/SCXD7jpg5SullVNsN1cSg6jJeWsDC8MlXb8Zi+bD3Z1AkLKLsc95Ec6cP6nSDQpwJxQ0rSPdnNkGkuOHuiGwRgPWOyWhe+4k9evQDFPhEPVn8pGcOiBe6JMXiyFmie0NwRZlFHuKJMdUz7FfBdoatiJFW5kHN2uB6Dr3LojEa9AuFUKFEwHch86x70iCpZ9NPIdy0SAejbreAeZe+MFqPDCeDyuQe/HreDTWe/vl4+SAwVGeVqToAGG1Lm9fL4I1xa7v9hHKKkyhYpyDpVhInsYe4EKgQ42h2NCDTCydYMnsjA7240fHLKvwIu2zwtmr+HcSEqFUyw2TXiP93FXVa62iI2a+XNKXDL8q1x4edj0wNTLn1/VPa9L5o8hD9BeBGWB+1xLEeevbb0RPYdul7yGY1tY
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM0PR10MB24188B586A77823772BCD2ECFEC60AM0PR10MB2418EURP_"
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 687ee572-026e-4073-b185-08d8a0ca2aa7
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Dec 2020 07:22:23.1446 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Q2vBpYxk0k3ZSRPcJLCqluzSDZawEIegq6JDSQIiwthrv3bJ57akg4zBG9O2dLLs13hNUzrcI40r8JL2tty2ADYNOKbLpcdHujLaOVVIgLo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR10MB4213
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/xnKMkJqoL1U0hc-kjCOOmqU4QhY>
Subject: Re: [lamps] Mail regarding draft-ietf-lamps-cmp-algorithms
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2020 07:22:30 -0000
Lijun Thank you for explaining your requests. I am open to also add SHA3 and I see your points regarding PKCS#11 support. But, currently from the SHA3-family only SHAKE128 and SHAKE256 are specified for use in X.509 and CMS. Therefore, you should rise your request to support SHA3 to the LAMPS mailing list and possibly submit a draft on this. Thank you for the reference. I will cover RSASSA-PSS as alternative to PKCS#1 V1.5. I am also open to keep RSA-OAEP. As this was discussed during the WG meeting, you should also bring this request to the attention of the group, to get a joined decision. Anyhow, the document dose not aim to specify an exclusive list of algorithms to support. The goal is to have at least one set of algorithms as main line and one as successor. The document should also cove the most widely used algorithms. As for usage in CMP, the algorithms to support in CMP implementations strongly depend on the certificates to be used by the CMP endpoints for authentication and on the certificates to manage. I copied the WG mailing list to this conversation, to bring you valuable point also to their attention. Any feedback from the group is of course welcome. Best regards, Hendrik Von: Lijun Liao <lijun.liao@gmail.com> Gesendet: Montag, 14. Dezember 2020 22:09 An: Brockhaus, Hendrik (T RDA CST SEA-DE) <hendrik.brockhaus@siemens.com> Cc: Russ Housley <housley@vigilsec.com>; draft-ietf-lamps-cmp-algorithms@ietf.org Betreff: Re: Mail regarding draft-ietf-lamps-cmp-algorithms Another issue, in the meeting minutes of IETF 109, datatracker.ietf.org/meeting/109/materials/minutes-109-lamps-00<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdatatracker.ietf.org%2Fmeeting%2F109%2Fmaterials%2Fminutes-109-lamps-00&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7Cefc83cd1b17e4580d06208d8a0747b32%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637435769436155584%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ozaYtHQmvLib1VlKpZLuriL97MTXZqHCLHpOkrhoXdo%3D&reserved=0> "Current key transport algorithms is PKCS#1 V1.5 and RSAES-OAEP. Russ has not seen RSAES-OAEP in the wild. Hendrik will remove RSAES-OAEP." Be careful while removing RSAES-OAEP, the BSI cryptographic recommendations of 2020 (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.html<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.bsi.bund.de%2FSharedDocs%2FDownloads%2FEN%2FBSI%2FPublications%2FTechGuidelines%2FTG02102%2FBSI-TR-02102-1.html&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7Cefc83cd1b17e4580d06208d8a0747b32%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637435769436165577%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=27%2B9VsJhXMcH2lRn2yxh4icvomXM7RGQ%2FcDvVF7%2F8sI%3D&reserved=0>) deprecates the usage of PKCS#1 v1.5 for the encryption (also for the signature), and suggests RSAES-OAEP instead. At page 18: "RSA with PKCS1v1.5 padding: In principle, usage of this padding format is encouraged neither for encryption nor for signature applications, since RSA-OAEP respectively RSA- PSS offer more solid theoretical security guarantees. Moreover, RSA implementations with PKCS1v1.5 padding turned out to be more susceptible to attacks exploiting side-channel information or implementation errors." And at page 38: "Encryption and Decryption: ... Usage of the older PKCS#1v1.5 paddings is not recommended, as in this context variations of the Bleichenbacher attack [17] have repeatedly turned out to be a problem, see e.g. [20] for a recent example." - Lijun On Mon, Dec 14, 2020 at 8:36 PM Lijun Liao <lijun.liao@gmail.com<mailto:lijun.liao@gmail.com>> wrote: As specified in RFC Section 10.1.6, "Key derivation algorithms convert a password or shared secret value into a key-encryption key", in my opinion, it is the correct location to specify the HKDF to derive from shared secret. This is very useful in IoT areas, since it is much quicker than the PBKDF (no iteration is required in HKDF). Regard SHA3, I agree that from aspect of functionality, SHAKE can replace SHA3 completely. But if considering the current PKCS#11 specification, SHA3 is defined as the hash algorithm together with the raw signature mechanism RSA, DSA and ECDSA, and is also in HMAC, HKDF, but SHAKE only in HKDF. Considering PKCS#11 is widely used, and currently SHA3s are the approved algorithms, but shake still not, if SHA3 is excluded from the specification, for a very long time, we will keep to use only the sha2. Please also note that the industrial / commercial CA/RA use FIPS 140 certified HSMs, and SHAKEs are not in the approved list. So please reconsider to add the support of SHA3. Best regards Lijun Brockhaus, Hendrik <hendrik.brockhaus@siemens.com<mailto:hendrik.brockhaus@siemens.com>> schrieb am Mo., 14. Dez. 2020, 17:27: Russ, Lijun @Russ, is it OK to use a HKDF as keyDerivationAlgorithm in PasswordRecipientInfo to solve Lijuns scenario? @Lijun, here is the link to the meeting minutes of IETF 109, datatracker.ietf.org/meeting/109/materials/minutes-109-lamps-00<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdatatracker.ietf.org%2Fmeeting%2F109%2Fmaterials%2Fminutes-109-lamps-00&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7Cefc83cd1b17e4580d06208d8a0747b32%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637435769436165577%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2BiEbeoC4ZW0849dD4Fs4XjKQe%2FNekDH%2Br6FeLMnR3fs%3D&reserved=0>. Unfortunately the discussion SHAKE vs. SHA3 is not documented in the minutes. I remember the discussion, that SHAKE offers mor flexibility than SHA3, but SHA3 does not offer more security than SHAKE. But I do not fully remember the discussion. @Russ, can you give Lijun the background, why SHA3 is not sued for X.509 and CMS, but SHAKE. - Hendrik Von: Lijun Liao <lijun.liao@gmail.com<mailto:lijun.liao@gmail.com>> Gesendet: Montag, 14. Dezember 2020 15:02 An: Brockhaus, Hendrik (T RDA CST SEA-DE) <hendrik.brockhaus@siemens.com<mailto:hendrik.brockhaus@siemens.com>> Cc: draft-ietf-lamps-cmp-algorithms@ietf.org<mailto:draft-ietf-lamps-cmp-algorithms@ietf.org> Betreff: Re: Mail regarding draft-ietf-lamps-cmp-algorithms Dear Hendrik, Related to the HKDF, there are Scenarios where bot CA and CMP client share secret other than passwords, 1) the secret is not qualified for the encryption / decryption, e.g. the 16 byte secret but they want to use AES 256; 2) or they do not want to use the secret as direct key to protect the secret. Related to the SHA3, could you please share the meeting notes, if permitted. Best regards Lijun Brockhaus, Hendrik <hendrik.brockhaus@siemens.com<mailto:hendrik.brockhaus@siemens.com>> schrieb am Mo., 14. Dez. 2020, 07:53: Dear Lijun Thank you very much for your review. Currently I am preparing the next update to address the guidance from IETF109. See my comments below. Von: Lijun Liao <lijun.liao@gmail.com<mailto:lijun.liao@gmail.com>> Gesendet: Samstag, 12. Dezember 2020 22:05 An: draft-ietf-lamps-cmp-algorithms@ietf.org<mailto:draft-ietf-lamps-cmp-algorithms@ietf.org> Betreff: Mail regarding draft-ietf-lamps-cmp-algorithms Dear authors, here some comments on this draft: 1. Editorial error in Section 2.1. SHA2 "The message digest algorithms SHA-224, SHA-256, SHA-384, and SHA-512 produce a 224-bit are identified by the following object identifiers (OIDs)" Only the SHA-224 produces 224-bit output. It is better to remove the text "produce a 224-bit". [Bro] I have removed this sentence. 2. Editorial error in Section 3. Signature Algorithms "Signature algorithm identifiers are located in ... signatureAlgorithm field of p10cr, ..." "Signature values are located in ... signature field of p10cr, ..." p10cr should be corrected to CertificationRequest. [Bro] Thank you. I will have to check this, but I think you are right. Finally the p10cr message type contains the CertificationRequest. 3. Signature algorithm Please also consider the Ed25519 and Ed448 (see RFC 8410) [Bro] I added them. 4. Hash algorithm in MAC, Signature algorithm and PBKDF2 Please also consider SHA3 (and SHAKE). [Bro] After discussion at IETF109 it was decided to add SHAKE and not to add SHA3, similar to other protocols and formats like X.509 and CMS. 5. Key derivation algorithms Please also consider HKDF. [Bro] Currently there is only a password-based key derivation required. If I add symmetric key management technique, I would also need to add a symmetric key based algorithm. May be I have overlooked something. Where do you want to use the HKDF? 6. ECDH Please consider X25519 and X448 (see RFC 8410) [Bro] I added them. Hendrik -- Lijun Liao
- Re: [lamps] Mail regarding draft-ietf-lamps-cmp-a… Brockhaus, Hendrik
- Re: [lamps] Mail regarding draft-ietf-lamps-cmp-a… Russ Housley
- Re: [lamps] Mail regarding draft-ietf-lamps-cmp-a… Lijun Liao
- Re: [lamps] Mail regarding draft-ietf-lamps-cmp-a… Russ Housley