Re: [lamps] Second AD Review: draft-ietf-lamps-pkix-shake-10

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Thu, 06 June 2019 18:10 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Roman Danyliw <rdd@cert.org>, "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: Second AD Review: draft-ietf-lamps-pkix-shake-10
Thread-Index: AdUaOicKPUSplJFAQJW7VEoVRR7HXgCWLijA
Date: Thu, 6 Jun 2019 18:10:41 +0000
Message-ID: <BN7PR11MB2547128F9959735034E89B69C9170@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <359EC4B99E040048A7131E0F4E113AFC01B338267A@marathon>
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFC01B338267A@marathon>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/oLAvgl9adCt-GX3NPbK3rQBFEyA>
Subject: Re: [lamps] Second AD Review: draft-ietf-lamps-pkix-shake-10

Thank you Roman. They are all addressed in the latest version: https://github.com/csosto-pk/adding-shake-to-pkix/blob/master/draft-ietf-lamps-pkix-shake-current.txt
The log of the actions taken in regard to every individual comment is here: https://github.com/csosto-pk/adding-shake-to-pkix/issues/44

I am planning to upload the next iteration next Monday unless there is more feedback.

Panos


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Roman Danyliw
Sent: Monday, June 03, 2019 2:33 PM
To: spasm@ietf.org
Subject: [lamps] Second AD Review: draft-ietf-lamps-pkix-shake-10

Hi!

As a document I inherited in the "IESG:: Waiting for Writeup Internet-Drafts", I conducted a second AD review on draft-ietf-lamps-pkix-shake-10.  I have the following feedback:

(1) Header. Per idnits:    == The 'Updates: ' line in the draft header should list only the _numbers_ of the RFCs which will be updated by this document (if approved); it should not include the word 'RFC' in the list.

s/Updates: RFC3279/Updates: 3279/

(2) Additional References Needed

(2.a) Section 2
   And, the
   corresponding collision and second preimage resistance strengths for
   SHAKE256 are min(d/2,256) and min(d,256) bits respectively.

Recommend you cite Section A.1 of [SHA3] as the source of these security strength metrics.

(2.b) Section 2
   A SHAKE can be used as the message digest function (to hash the
   message to be signed) in RSASSA-PSS and ECDSA and as the hash in the
   mask generating function in RSASSA-PSS.

Provide a reference on first use for RSASSA-PSS [RFC8017] and ECDSA [X9.62]

(3) Editorial
(3.a) Section 5.1
   In an
   X.509 certificate a signature is encoded with an algorithm identifier
   in the signatureAlgorithm attribute and a signatureValue that
   contains the actual signature.

s/signatureValue/signatureValue attribute/

(3.b) Section 5.1.1.  Add commas between terms.

s/hash and mask generating algorithm and trailer and salt are embedded in the OID definition/hash, mask generating algorithm, trailer and salt are embedded in the OID definition/

(3.c) Section 5.1.1.  Define the acronym MGF on first use

s/mask generation function/mask generation function (MGF)/

(3.d) Section 5.1.  Duplicate word.  s/section Section 4/Section 4/

(4) Section 5.1.  The ASN.1 blob of Certificate is inserted in the text without citation or explanation.  It seems like the paragraph prior to it should make explicit reference to it (as it cites the elements).

(5) Section 5.1.
   They
   MAY also generate such signatures in accordance with all other
   recommendations in [X9.62] or [SEC1] if they have a stated policy
   that requires conformance to these standards.  These standards may
   have not specified SHAKE128 and SHAKE256 as hash algorithm options.
   However, SHAKE128 and SHAKE256 with output length being 32 and 64
   octets respectively are substitutions for 256 and 512-bit output hash
   algorithms such as SHA256 and SHA512 used in the standards.

I recommend being more precise in this text.

s/These standards may have not specified SHAKE128 and SHAKE256 as hash algorithm options./ These standards have not specified SHAKE128 and SHAKE256 as hash algorithm options./

Per "SHAKE128 and SHAKE256 with output length being 32 and 64 octets respectively are substitutions for ... SHA256 and SHA 512", what does substitutions mean in this case?  Similar output size or cryptographic strength?

Regards,
Roman

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm
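Added example (not from the draft, its authors, or this thread): the review above touches two things a practitioner will want to see concretely, the FIPS 202 Appendix A.1 security-strength bounds for a SHAKE at a given output length d, and how a SHAKE serves both as the message digest and as the mask generation function inside RSASSA-PSS (RFC 8017, EMSA-PSS). The code below, using only the Python standard library, computes the strength bounds and implements EMSA-PSS encode/verify with SHAKE in both roles. The parameters are assumptions taken from the draft's description as quoted in the review (SHAKE128 with a 32-octet digest, SHAKE256 with a 64-octet digest, the SHAKE itself used as the MGF with output length equal to the mask length, salt length equal to the digest length, trailer 0xBC); all function names are ours. Only the EMSA-PSS encoding step is shown; the RSA modular exponentiation around it is unchanged from RFC 8017 and omitted.

```python
"""EMSA-PSS (RFC 8017 Sections 9.1.1 / 9.1.2) with a SHAKE as hash and MGF.

Illustrative code written for this discussion, not the draft's own.
Assumed parameters (from the draft text as quoted in the review):
  SHAKE128 -> 32-octet digest, SHAKE256 -> 64-octet digest,
  MGF = the same SHAKE with output length maskLen,
  salt length = digest length, trailer field 0xBC.
"""
import hashlib
import secrets

# Assumed parameter table: variant -> (hashlib constructor, digest octets)
SHAKE_PARAMS = {
    "SHAKE128": (hashlib.shake_128, 32),
    "SHAKE256": (hashlib.shake_256, 64),
}

# FIPS 202 Appendix A.1 bounds, as cited in the review: for output length d
# bits, collision resistance is min(d/2, c/2) and (second) preimage
# resistance is min(d, c/2), with c/2 = 128 for SHAKE128 and 256 for SHAKE256.
def shake_strength_bits(variant, d_bits):
    half_capacity = {"SHAKE128": 128, "SHAKE256": 256}[variant]
    return (min(d_bits // 2, half_capacity), min(d_bits, half_capacity))


def shake_digest(variant, data):
    """The SHAKE in its message-digest role: fixed 32/64-octet output."""
    ctor, h_len = SHAKE_PARAMS[variant]
    return ctor(data).digest(h_len)


def shake_mgf(variant, seed, mask_len):
    """The SHAKE in its MGF role: output length equal to the mask length."""
    ctor, _ = SHAKE_PARAMS[variant]
    return ctor(seed).digest(mask_len)


def emsa_pss_encode(variant, message, em_bits, salt=None):
    """RFC 8017 9.1.1. em_bits is modBits - 1 for an RSA modulus of modBits."""
    _, h_len = SHAKE_PARAMS[variant]
    s_len = h_len                       # assumption: salt length = digest length
    em_len = (em_bits + 7) // 8
    if em_len < h_len + s_len + 2:
        raise ValueError("encoding error: emLen too small for hLen + sLen + 2")
    m_hash = shake_digest(variant, message)
    if salt is None:
        salt = secrets.token_bytes(s_len)
    m_prime = b"\x00" * 8 + m_hash + salt
    h = shake_digest(variant, m_prime)
    ps = b"\x00" * (em_len - s_len - h_len - 2)
    db = ps + b"\x01" + salt
    db_mask = shake_mgf(variant, h, em_len - h_len - 1)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    # Clear the leftmost 8*emLen - emBits bits of the leftmost octet.
    bits_to_clear = 8 * em_len - em_bits
    masked_db[0] &= 0xFF >> bits_to_clear
    return bytes(masked_db) + h + b"\xbc"


def emsa_pss_verify(variant, message, em, em_bits):
    """RFC 8017 9.1.2. Returns True iff em is a consistent encoding of message."""
    _, h_len = SHAKE_PARAMS[variant]
    s_len = h_len
    em_len = (em_bits + 7) // 8
    if em_len < h_len + s_len + 2 or len(em) != em_len or em[-1] != 0xBC:
        return False
    m_hash = shake_digest(variant, message)
    masked_db = em[: em_len - h_len - 1]
    h = em[em_len - h_len - 1 : -1]
    bits_to_clear = 8 * em_len - em_bits
    # The leftmost 8*emLen - emBits bits of maskedDB must be zero.
    if masked_db[0] & (0xFF & ~(0xFF >> bits_to_clear)):
        return False
    db_mask = shake_mgf(variant, h, em_len - h_len - 1)
    db = bytearray(a ^ b for a, b in zip(masked_db, db_mask))
    db[0] &= 0xFF >> bits_to_clear
    ps_len = em_len - h_len - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    salt = bytes(db[-s_len:])
    h_prime = shake_digest(variant, b"\x00" * 8 + m_hash + salt)
    return secrets.compare_digest(h, h_prime)


if __name__ == "__main__":
    # Constructed input; 2047 = modBits - 1 for a 2048-bit RSA modulus.
    em = emsa_pss_encode("SHAKE256", b"constructed message", 2047)
    print(len(em), emsa_pss_verify("SHAKE256", b"constructed message", em, 2047))
    print(shake_strength_bits("SHAKE256", 512), shake_strength_bits("SHAKE128", 256))
```

Two things the block makes visible that the quoted text only states: shake_digest("SHAKE128", ...) and shake_digest("SHAKE256", ...) return 32 and 64 octets, the same digest lengths as SHA-256 and SHA-512, which is the output-size sense of "substitution"; and shake_strength_bits shows that at those output lengths the collision and preimage bounds come out at 128/128 and 256/256 bits respectively, while a shorter output (for example SHAKE256 at d = 256 bits) lowers the collision bound to 128 without changing the preimage bound. In verify, the leftmost-bits check and the trailer check happen before any hashing, and the final hash comparison is constant-time.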