Re: [lamps] [EXT] Re: WGLC for draft-ietf-lamps-cms-sha3-hash

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 07 February 2024 15:51 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Daniel Van Geest <daniel.vangeest.ietf@gmail.com>, 'SPASM' <spasm@ietf.org>
Date: Wed, 07 Feb 2024 15:50:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/nnd9qkidg6N_Xcb21um5GQ0AGuM>
Subject: Re: [lamps] [EXT] Re: WGLC for draft-ietf-lamps-cms-sha3-hash

>   So then, are there any suggestions on what to do with this?  Keep hkdf-with-sha3* and make @Markku-Juhani O. Saarinen unhappy? 

 

I’m against it. I.e., count me as “unhappy” in this case too.

 

>  Slide KMAC into draft-ietf-lamps-cms-sha3-hash? Spin up a new draft for KMAC? 

 

Spinning up a new draft for KMAC sounds reasonable. I wouldn’t worry that it uses cSHAKE rather than SHA3.

 

>  Define an OID for KMAC in draft-ietf-lamps-cms-kyber (yuck)?

 

My gut feeling is “No”.

 

>  Force draft-ietf-lamps-cms-kyber to use KDF3 like rfc5990bis (and further commit to a paywalled spec)?

 

Absolutely not.

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Tuesday, February 6, 2024 8:51 PM
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>; Markku-Juhani O. Saarinen <mjos@pqshield.com>
Cc: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>; SPASM <spasm@ietf.org>
Subject: Re: [lamps] WGLC for draft-ietf-lamps-cms-sha3-hash

 

Mike and Markku:

 

Section 5 was added in October 2023 because someone asked for KDFs.  I do not recall the source of the request.

 

Russ




On Feb 6, 2024, at 3:21 PM, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:

 

Sorry, too quick on the SEND.

 

Markku is questioning why we need section 5.1 HKDF with SHA3.

 

---

Mike Ounsworth

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Mike Ounsworth
Sent: Tuesday, February 6, 2024 2:20 PM
To: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>; SPASM <spasm@ietf.org>; Markku-Juhani O. Saarinen <mjos@pqshield.com>
Subject: [EXTERNAL] Re: [lamps] WGLC for draft-ietf-lamps-cms-sha3-hash

 

I’m just gonna lob this in on @Markku-Juhani O. Saarinen’s behalf.

 

He commented this morning that it’s un-necessary to do HMAC with SHA3. If you need a MAC, then KMAC is a single invocation of SHA3 vs two invocations in HMAC. And if you only need a KDF then (I think?) naked SHA3 is fine?

 

I’ll leave it to Markku to give the details here, but I wanted to make sure this got logged before WGLC closes.

 

---

Mike Ounsworth

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Tim Hollebeek
Sent: Tuesday, January 30, 2024 2:43 PM
To: SPASM <spasm@ietf.org>
Subject: [EXTERNAL] [lamps] WGLC for draft-ietf-lamps-cms-sha3-hash

 

Hello,

 

Russ has suggested that draft-ietf-lamps-cms-sha3-hash might be ready for WGLC, and since it’s a pretty simple draft that seems like a pretty reasonable way to flush out any remaining comments and problems.

 

Therefore this is the WGLC for draft-ietf-lamps-cms-sha3-hash:

 

Use of the SHA3 One-way Hash Functions in the Cryptographic Message Syntax (CMS)

https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-sha3-hash/

 
Abstract

   This document describes the conventions for using the four one-way
   hash functions in the SHA3 family with the Cryptographic Message
   Syntax (CMS).

 

Please send comments to the list by 12 February 2024.

 

-Tim
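
The cost argument relayed in the thread (HMAC makes two hash passes per MAC, so HKDF over SHA3 multiplies that) can be counted directly. The sketch below is an added example, not code from the draft or from any participant: it writes out HMAC-SHA3-256 and HKDF per RFC 2104 and RFC 5869 and compares the number of hash invocations with a single SHAKE256 call. The `shake256_kdf` helper, its length-prefixed input encoding and the sample inputs are assumptions made for illustration; KMAC itself is not shown because Python's `hashlib` does not provide cSHAKE.

```python
import hashlib

RATE = 136  # SHA3-256 block (rate) size in bytes, used as the HMAC block length

def hmac_sha3_256(key, msg, calls):
    """HMAC (RFC 2104) over SHA3-256, spelled out so each hash pass is counted."""
    if len(key) > RATE:                      # over-long keys are hashed first
        key = hashlib.sha3_256(key).digest()
        calls[0] += 1
    key = key.ljust(RATE, b"\x00")
    inner = hashlib.sha3_256(bytes(b ^ 0x36 for b in key) + msg).digest()
    outer = hashlib.sha3_256(bytes(b ^ 0x5C for b in key) + inner).digest()
    calls[0] += 2                            # inner pass + outer pass
    return outer

def hkdf_sha3_256(ikm, salt, info, length):
    """HKDF (RFC 5869) extract-then-expand; returns (okm, hash invocations)."""
    calls = [0]
    prk = hmac_sha3_256(salt or b"\x00" * 32, ikm, calls)        # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                      # expand
        block = hmac_sha3_256(prk, block + info + bytes([counter]), calls)
        okm += block
        counter += 1
    return okm[:length], calls[0]

def shake256_kdf(ikm, info, length):
    """Single XOF call. The length-prefixed input encoding is an assumption
    made for this example, not a standardized KDF."""
    data = len(ikm).to_bytes(4, "big") + ikm + info
    return hashlib.shake_256(data).digest(length), 1

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any specification.
    ikm, salt, info = b"\x0b" * 22, b"constructed-salt", b"constructed-info"
    okm, n = hkdf_sha3_256(ikm, salt, info, 64)
    out, m = shake256_kdf(ikm, info, 64)
    print(f"HKDF-SHA3-256: {len(okm)} bytes, {n} hash invocations")
    print(f"SHAKE256:      {len(out)} bytes, {m} XOF invocation")
```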

 
