Re: [lamps] draft-ietf-lamps-cms-shakes-07

Jeffrey Walton <noloader@gmail.com> Thu, 28 February 2019 22:37 UTC

References: <8A2F741C-3E8A-4D7A-B70C-F570932DD96C@vigilsec.com>
In-Reply-To: <8A2F741C-3E8A-4D7A-B70C-F570932DD96C@vigilsec.com>
Reply-To: noloader@gmail.com
From: Jeffrey Walton <noloader@gmail.com>
Date: Thu, 28 Feb 2019 17:37:36 -0500
Message-ID: <CAH8yC8np1U23YT1Kb6VWz0M3k6nT4K6EARUuZbaktbnv+RzEeA@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: SPASM <spasm@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/gTK8nOi-7jsDbHO00nw5eq0wqAo>
Subject: Re: [lamps] draft-ietf-lamps-cms-shakes-07

On Thu, Feb 28, 2019 at 5:10 PM Russ Housley <housley@vigilsec.com> wrote:
>
> I was just looking at this document, and an inconsistency jumped out at me.
>
> Section 4.1 says that id-shake128-len and id-shake256-len have no parameters.
>
> However, as used in RFC 8419, it has a parameter:
>
>       hashAlg-SHAKE256-LEN  ALGORITHM  ::=  { OID id-shake256-len
>                               PARMS ShakeOutputLen }
>
>       id-shake256-len  OBJECT IDENTIFIER  ::=  { hashAlgs 18 }
>
>       ShakeOutputLen  ::=  INTEGER  -- Output length in bits
>
> On the other hand, id-shake256 has no parameters:
>
>       hashAlg-SHAKE256  ALGORITHM  ::=  { OID id-shake256 }
>
>       id-shake256  OBJECT IDENTIFIER  ::=  { hashAlgs 12 }
>
> I think this needs to get sorted out before draft-ietf-lamps-cms-shakes goes to IETF Last Call.

From the algorithmic point of view, SHAKE digests can be truncated in
the traditional way. The truncated digest does not affect the output
of the hash. That is, a smaller digest size produces a prefix of a
longer one.

cSHAKE is different. The digest size affects the calculation of the
digest. Different digest sizes will produce different hashes, and the
prefix behavior does not hold.

The one area of confusion I have observed is, what is the default
output size of SHAKE-128 or SHAKE-256. For example, for SHAKE-128,
some libraries use 16, and some use 32 as the default digest size.

The SHAKE digest size is probably not needed as long as the digest
size is unambiguously stated for interop purposes.

Jeff
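The prefix behaviour of SHAKE and the need to state the output length explicitly can be checked with a few lines of Python. The block below is an added example, not part of the thread or of draft-ietf-lamps-cms-shakes; it uses the standard library's shake_128 and shake_256 (which take the output length as an argument rather than assuming a default), carries the length alongside the digest the way a ShakeOutputLen parameter would, and refuses to compare a digest whose length does not match the declared one. The sample message, the two hypothetical "library default" sizes and the function names are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample input for the example (not from the thread).
SAMPLE_MSG = b"draft-ietf-lamps-cms-shakes example input"

_XOF = {"shake128": hashlib.shake_128, "shake256": hashlib.shake_256}


def shake_digest(alg: str, data: bytes, out_len_bits: int) -> bytes:
    """Return exactly out_len_bits bits of SHAKE output.

    out_len_bits plays the role of an explicit ShakeOutputLen parameter:
    hashlib has no default output size, so the caller must say what it wants.
    """
    if out_len_bits <= 0 or out_len_bits % 8:
        raise ValueError("output length must be a positive multiple of 8 bits")
    return _XOF[alg](data).digest(out_len_bits // 8)


def prefix_property_holds(alg: str, data: bytes, short_bits: int, long_bits: int) -> bool:
    """True when the shorter SHAKE output is a prefix of the longer one."""
    short = shake_digest(alg, data, short_bits)
    long = shake_digest(alg, data, long_bits)
    return long.startswith(short)


def verify_shake(alg: str, data: bytes, declared_len_bits: int, received: bytes) -> bool:
    """Verify a received digest against an explicitly declared output length.

    The length check comes first: because of the prefix property, a truncated
    copy of a valid digest would otherwise compare equal to a prefix of the
    recomputed value if the verifier trimmed to the received length.
    """
    if len(received) * 8 != declared_len_bits:
        return False
    expected = shake_digest(alg, data, declared_len_bits)
    return hmac.compare_digest(expected, received)


def defaults_interoperate(alg: str, data: bytes, sender_default_bytes: int,
                          receiver_default_bytes: int) -> bool:
    """Simulate two implementations that each rely on their own default size.

    Neither side transmits the length, so the receiver recomputes with its own
    default and does a plain equality check. Hypothetical defaults are passed in.
    """
    sent = _XOF[alg](data).digest(sender_default_bytes)
    recomputed = _XOF[alg](data).digest(receiver_default_bytes)
    return sent == recomputed


if __name__ == "__main__":
    print("SHAKE128 128->256 prefix:", prefix_property_holds("shake128", SAMPLE_MSG, 128, 256))
    full = shake_digest("shake256", SAMPLE_MSG, 512)
    print("512-bit digest verifies as 512:", verify_shake("shake256", SAMPLE_MSG, 512, full))
    print("256-bit prefix verifies as 512:", verify_shake("shake256", SAMPLE_MSG, 512, full[:32]))
    print("defaults 16 vs 32 interoperate:", defaults_interoperate("shake128", SAMPLE_MSG, 16, 32))
```

The interesting case is the third line of output: the 256-bit prefix is a perfectly valid SHAKE256 digest when it is declared as 256 bits, but it must be rejected when the declared length is 512, which is exactly why the length has to travel with the digest (as an algorithm parameter or by convention) rather than being inferred from whatever the sending library happened to produce.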