Re: [lamps] [EXTERNAL] [EXT] Re: WGLC for draft-ietf-lamps-cms-sha3-hash

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 07 February 2024 18:02 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Russ Housley <housley@vigilsec.com>
CC: Uri Blumenthal <uri@ll.mit.edu>, Daniel Van Geest <daniel.vangeest.ietf@gmail.com>, SPASM <spasm@ietf.org>
Date: Wed, 07 Feb 2024 18:02:18 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/iUJXOskmuQQUY7OAtVTcdklwVWg>

Russ:

 

Awesome. Fully agree.

 

---

Mike Ounsworth

 

From: Russ Housley <housley@vigilsec.com> 
Sent: Wednesday, February 7, 2024 11:55 AM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>
Cc: Uri Blumenthal <uri@ll.mit.edu>; Daniel Van Geest <daniel.vangeest.ietf@gmail.com>; SPASM <spasm@ietf.org>
Subject: Re: [EXTERNAL] [lamps] [EXT] Re: WGLC for draft-ietf-lamps-cms-sha3-hash

 




Mike:

 

I have sent email to NIST to see whether they will assign OIDs for KMAC as a KDF as specified in NIST.SP.800-108r1. If so, I'm pleased to add another subsection to the draft for these KDFs. They are more efficient than HKDF using SHA-3, but I'm not sure we should remove those sections. There is a lot of adoption of HKDF in many different contexts.

 

Russ

 





On Feb 7, 2024, at 12:06 PM, Mike Ounsworth <Mike.Ounsworth@entrust.com> wrote:

 

Russ,

 

I don’t think we’re talking about KMAC as a MAC – we’re talking about KMAC as a KDF, right?

 

draft-ietf-lamps-cms-sha3-hash Section 5: Key Derivation Functions lists

 

* HKDF with SHA3

* KDF2 and KDF3 with SHA3

 

HKDF is HMAC underneath, which will be 2 invocations of SHA3. I don’t know what the KDF2 or KDF3 constructions are because I am not paying for the document.

 

KMAC is only a single invocation of SHA3, so I think this document would benefit from defining id-alg-kdf-kmac-128 and id-alg-kdf-kmac-256, with suitable instantiations of KMAC, in addition to the HKDF and KDF2 / KDF3 ones that are already in there.

 

Copying from my parallel email on this thread, there will be existing implementations of HKDF-SHA2 where the existing crypto agility easily allows for substitution of SHA2 for SHA3, but may not easily allow for substitution of the entire construction for KMAC, so I think there is value in leaving HKDF-SHA3 in.

 

---

Mike Ounsworth

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Wednesday, February 7, 2024 10:09 AM
To: Uri Blumenthal <uri@ll.mit.edu>
Cc: Daniel Van Geest <daniel.vangeest.ietf@gmail.com>; SPASM <spasm@ietf.org>
Subject: [EXTERNAL] Re: [lamps] [EXT] Re: WGLC for draft-ietf-lamps-cms-sha3-hash

 


Uri:

 

KMAC with SHAKE128 and KMAC with SHAKE256 are already specified for use as Message Authentication Codes in RFC 8702.

 

Russ

 

On Feb 7, 2024, at 10:50 AM, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> wrote:

 

> So then, are there any suggestions on what to do with this? Keep hkdf-with-sha3* and make @Markku-Juhani O. Saarinen unhappy?

 

I’m against it. I.e., count me as “unhappy” in this case too.

 

>  Slide KMAC into draft-ietf-lamps-cms-sha3-hash? Spin up a new draft for KMAC? 

 

Spinning up a new draft for KMAC sounds reasonable. I wouldn’t worry that it uses cSHAKE rather than SHA3.

 

>  Define an OID for KMAC in draft-ietf-lamps-cms-kyber (yuck)?

 

My gut feeling is “No”.

 

>  Force draft-ietf-lamps-cms-kyber to use KDF3 like rfc5990bis (and further commit to a paywalled spec)?

 

Absolutely not.

 

 

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Tuesday, February 6, 2024 8:51 PM
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>; Markku-Juhani O. Saarinen <mjos@pqshield.com>
Cc: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>; SPASM <spasm@ietf.org>
Subject: Re: [lamps] WGLC for draft-ietf-lamps-cms-sha3-hash

 

Mike and Markku:

 

Section 5 was added in October 2023 because someone asked for KDFs. I do not recall the source of the request.

 

Russ








On Feb 6, 2024, at 3:21 PM, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:

 

Sorry, too quick on the SEND.

 

Markku is questioning why we need section 5.1 HKDF with SHA3.

 

---

Mike Ounsworth

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Mike Ounsworth
Sent: Tuesday, February 6, 2024 2:20 PM
To: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>; SPASM <spasm@ietf.org>; Markku-Juhani O. Saarinen <mjos@pqshield.com>
Subject: [EXTERNAL] Re: [lamps] WGLC for draft-ietf-lamps-cms-sha3-hash

 

I’m just gonna lob this in on @Markku-Juhani O. Saarinen’s behalf.

 

He commented this morning that it’s unnecessary to do HMAC with SHA3. If you need a MAC, then KMAC is a single invocation of SHA3 vs two invocations in HMAC. And if you only need a KDF then (I think?) naked SHA3 is fine?

 

I’ll leave it to Markku to give the details here, but I wanted to make sure this got logged before WGLC closes.

 

---

Mike Ounsworth

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Tim Hollebeek
Sent: Tuesday, January 30, 2024 2:43 PM
To: SPASM <spasm@ietf.org>
Subject: [EXTERNAL] [lamps] WGLC for draft-ietf-lamps-cms-sha3-hash

 

Hello,

 

Russ has suggested that draft-ietf-lamps-cms-sha3-hash might be ready for WGLC, and since it’s a pretty simple draft that seems like a pretty reasonable way to flush out any remaining comments and problems.

 

Therefore this is the WGLC for draft-ietf-lamps-cms-sha3-hash:

 

Use of the SHA3 One-way Hash Functions in the Cryptographic Message Syntax (CMS)

https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-sha3-hash/

 

Abstract

 

   This document describes the conventions for using the four one-way
   hash functions in the SHA3 family with the Cryptographic Message
   Syntax (CMS).

 

Please send comments to the list by 12 February 2024.

 

-Tim

 

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm

 

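Added example, not part of the thread or of draft-ietf-lamps-cms-sha3-hash: a sketch of the two points made above about HKDF, namely that each HMAC underneath costs two hash invocations and that an HKDF implementation parameterized by hash name can swap SHA2 for SHA3 without changing the construction. The helper names and the constructed inputs are assumptions; Python's hashlib has no KMAC, so the KMAC side of the comparison is not shown.

```python
import hashlib

calls = {"hash": 0}  # hash invocations since the last reset

def _h(name, data):
    calls["hash"] += 1
    return hashlib.new(name, data).digest()

def hmac_manual(name, key, msg):
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg))."""
    block = hashlib.new(name).block_size     # 64 for sha256, 136 for sha3_256
    if len(key) > block:
        key = _h(name, key)                  # over-long keys cost an extra hash
    key = key.ljust(block, b"\x00")
    inner = _h(name, bytes(b ^ 0x36 for b in key) + msg)
    return _h(name, bytes(b ^ 0x5C for b in key) + inner)

def hkdf(name, ikm, salt, info, length):
    """HKDF (RFC 5869) extract-then-expand built on hmac_manual."""
    hash_len = hashlib.new(name).digest_size
    if length > 255 * hash_len:
        raise ValueError("requested output too long for HKDF")
    prk = hmac_manual(name, salt or b"\x00" * hash_len, ikm)   # extract
    okm, t, i = b"", b"", 1
    while len(okm) < length:                                   # expand
        t = hmac_manual(name, prk, t + info + bytes([i]))
        okm += t
        i += 1
    return okm[:length]

def hkdf_hash_invocations(name, ikm, salt, info, length):
    """Return (output keying material, number of hash invocations used)."""
    calls["hash"] = 0
    okm = hkdf(name, ikm, salt, info, length)
    return okm, calls["hash"]

if __name__ == "__main__":
    # Constructed sample inputs (not from the thread).
    ikm, salt, info = b"\x0b" * 22, bytes(range(13)), b"cms-kdf-demo"
    for name in ("sha256", "sha3_256"):      # same code path, hash swapped
        okm, n = hkdf_hash_invocations(name, ikm, salt, info, 32)
        print(f"HKDF-{name}: {n} hash invocations -> {okm.hex()}")
```

For a 32-byte output, extract and one expand block are two HMAC calls, so four hash invocations for either hash.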