Re: [lamps] Benjamin Kaduk's Yes on draft-ietf-lamps-pkix-shake-11: (with COMMENT)
"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Fri, 28 June 2019 02:52 UTC
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D86A91200EF; Thu, 27 Jun 2019 19:52:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=iFt9RsWc; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=MeqZpK4E
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eaXm5KLVPair; Thu, 27 Jun 2019 19:52:07 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04F7F120094; Thu, 27 Jun 2019 19:52:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6457; q=dns/txt; s=iport; t=1561690327; x=1562899927; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=FUHPDrKSIiaN94kuMUSoFqwUCShIitRqmUrCGukqJrU=; b=iFt9RsWcpy6u/HPq2Kow3LMirnzJ4IXkNiaZISiTIqGdtn0Dtmvz2LaZ vQH4HkQp/ZZWdkSZj4nk8wYGlo2L6CFYlB0yUCG9hvVG6LZeghnnG7H6F m4EGVnn9FrjPXPE/AL9fLSjL9EjKqNfxEjg1mUMBJmdnMZk4e3n2S8bE/ k=;
IronPort-PHdr: 9a23:YqViLRCY2fq/KviwD4srUyQJPHJ1sqjoPgMT9pssgq5PdaLm5Zn5IUjD/qs03kTRU9Dd7PRJw6rNvqbsVHZIwK7JsWtKMfkuHwQAld1QmgUhBMCfDkiuNP3jajQzGs1qX15+9Hb9Ok9QS47z
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B7AACJfxVd/5ldJa1mDgsBAQEBAQEBAQEBAQEHAQEBAQEBgWeBRFADalUgBAsoh2MDjlyCW5dEgUKBEANUCQEBAQwBARgNCAIBAYRAAoMAIzgTAQMBAQQBAQIBBW2KNwyFSgEBAQQBARAoBgEBLAsBCwQCAQgRBAEBHgEQJwsdCAIEAQ0FCBqDAYFqAx0BAgyaVwKBOIhggiOCeQEBBYEyARNBgwYYghEDBoE0i18XgUA/gRFGgkw+gmEBAQEBAQGBKgESASEwgwqCJot9EodtlUNrCQKCFoZSjT6CK4cXjE+BTY0phziPZgIEAgQFAg4BAQWBZyFnWBEIcBU7gmwTgi4JAgEXFIM6hRSFBDtyAQmBH4tFgkMBAQ
X-IronPort-AV: E=Sophos;i="5.63,426,1557187200"; d="scan'208";a="497355963"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 28 Jun 2019 02:52:06 +0000
Received: from XCH-ALN-018.cisco.com (xch-aln-018.cisco.com [173.36.7.28]) by rcdn-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x5S2q5Bm028415 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 28 Jun 2019 02:52:06 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-ALN-018.cisco.com (173.36.7.28) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 27 Jun 2019 21:52:05 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 27 Jun 2019 21:52:04 -0500
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 27 Jun 2019 21:52:04 -0500
ARC-Seal: i=1; a=rsa-sha256; s=testarcselector01; d=microsoft.com; cv=none; b=OtSVxzyifgTI/FJiQmkM15roDDUfQ91cFv4XX0DBPOxcatk46G4BojyJJHRfVzWud4904IdY3rz+Ff2zeRj7Ib90znhaZY668dL1Ii1WdHqDSN4KWwU/XHwH2frYfFkN/xOEFEnS0Ne/AtN+ueCNHjS/57b227lkZjaK1GDLQtE=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=testarcselector01; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EV+WBtweootY/FTrsR7XJe+9nYMe1sOtvYJoYpSH5rM=; b=sQy/4gycC1cx26EAmaxfOB0qLCWs7G8bX72IuDXEtXA43zWQKJXGdayHiHL7Apbjz52V+YqWuiJXht2vquxWbltNBKTvhEij3Vjo3ZeR7LM/SWhdnOnn2h9aVCUo+NBePZVIzOHa996vmSSQ2/mLSuGK7iVeeNwmIi3GLdNJcgc=
ARC-Authentication-Results: i=1; test.office365.com 1;spf=none;dmarc=none;dkim=none;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EV+WBtweootY/FTrsR7XJe+9nYMe1sOtvYJoYpSH5rM=; b=MeqZpK4Ev/M7bUxcKPQfZkpE/ZMPJApbnAtouVW/M5/4roN0WPC++52SsFcNM3Ind/sj4HmFO6aqd1ss+/ujFB1vZ8jRJSeaficcv5PFoGLjA2EoN4BCKpk5nW26v3MwaQJBmuU17RKbIld8QEgJmiT8N8iO8ZprNDv1pGaVWZ0=
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (52.135.244.29) by BN7PR11MB2562.namprd11.prod.outlook.com (52.135.244.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2008.16; Fri, 28 Jun 2019 02:52:03 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::b1dc:fd0d:e540:67aa]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::b1dc:fd0d:e540:67aa%7]) with mapi id 15.20.2008.018; Fri, 28 Jun 2019 02:52:03 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
CC: "spasm@ietf.org" <spasm@ietf.org>, "housley@vigilsec.com" <housley@vigilsec.com>, "draft-ietf-lamps-pkix-shake@ietf.org" <draft-ietf-lamps-pkix-shake@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>
Thread-Topic: [lamps] Benjamin Kaduk's Yes on draft-ietf-lamps-pkix-shake-11: (with COMMENT)
Thread-Index: AQHVKrxtDm2L1haLKkG9mQOvI++2lKawYTcw
Date: Fri, 28 Jun 2019 02:52:03 +0000
Message-ID: <BN7PR11MB254747B163D1D8BEE1BF1A8CC9FC0@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <156140166968.17780.4781257860683054457.idtracker@ietfa.amsl.com>
In-Reply-To: <156140166968.17780.4781257860683054457.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com;
x-originating-ip: [2001:420:c0c4:1003::3db]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7ef5a1ce-d017-4d52-a33d-08d6fb7399a3
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BN7PR11MB2562;
x-ms-traffictypediagnostic: BN7PR11MB2562:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <BN7PR11MB25627FD4ED7B985CA681C153C9FC0@BN7PR11MB2562.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 00826B6158
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(376002)(39860400002)(396003)(346002)(136003)(199004)(189003)(13464003)(5660300002)(53546011)(54906003)(186003)(102836004)(99286004)(76176011)(7696005)(11346002)(71200400001)(71190400001)(8936002)(256004)(6506007)(6246003)(229853002)(14444005)(110136005)(4326008)(2171002)(25786009)(66574012)(316002)(6306002)(53936002)(64756008)(2906002)(6116002)(52536014)(66476007)(66446008)(966005)(66946007)(66556008)(46003)(33656002)(9686003)(55016002)(14454004)(86362001)(305945005)(7736002)(81166006)(68736007)(8676002)(74316002)(81156014)(486006)(76116006)(478600001)(73956011)(446003)(6436002)(476003); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2562; H:BN7PR11MB2547.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 1mwVwlgJMKBlwLRdsS33tZSFy5i0Zc2/18z1sh443r05JpGBr9Vzp6lzAR4yk+JhWBkXBSU/UG8GBVAx57f8gKVTMMb9btYuQBBXN+BB5E5UXQQfTda/EKz9raxNAogZuJVLzxuIxNgHFlx7DvotIRc93xPoSpBH33hwA8fV041k3I05aeVnJ0S6whVC4o2j8EEdEcDCAFeeHCIrOcTQg7N9MEufU5FsL8tess/VzA5NOzdcM0r2fxVOU4cyi2Ba6qcnIhaT0hU2ztu9eQGS0myGCYLNmFpJVbX+cyVsarGSlsOzOvlR/i0V2ItyjHYQ6JBNd+5SwYNQGl92FZ1TRg88AfFBUcZHAW1Q1pixHhEQ4CieJFdCo0GjVV4TOhQJpCp767uKS+AKp1HKngw0IzTTrxJ8dRnXBPjvROnzqpo=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 7ef5a1ce-d017-4d52-a33d-08d6fb7399a3
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jun 2019 02:52:03.4914 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pkampana@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2562
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.28, xch-aln-018.cisco.com
X-Outbound-Node: rcdn-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/wzIpl-EhSImQkmo27O3wPcnPs0E>
Subject: Re: [lamps] Benjamin Kaduk's Yes on draft-ietf-lamps-pkix-shake-11: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2019 02:52:10 -0000
Hi Ben, Then you for the review. I addressed all your comments. The details and the language used are described in the git issue https://github.com/csosto-pk/adding-shake-to-pkix/issues/47#issuecomment-505640399 And the actual updates are in https://github.com/csosto-pk/adding-shake-to-pkix/commit/1f056710eea828a4f2cfd8f349563a4b1a5af85a Please check them out to see if they look OK. I am planning to reupload the draft tomorrow or Monday. Thanks, Panos -----Original Message----- From: Spasm <spasm-bounces@ietf.org> On Behalf Of Benjamin Kaduk via Datatracker Sent: Monday, June 24, 2019 2:41 PM To: The IESG <iesg@ietf.org> Cc: spasm@ietf.org; housley@vigilsec.com; draft-ietf-lamps-pkix-shake@ietf.org; lamps-chairs@ietf.org Subject: [lamps] Benjamin Kaduk's Yes on draft-ietf-lamps-pkix-shake-11: (with COMMENT) Benjamin Kaduk has entered the following ballot position for draft-ietf-lamps-pkix-shake-11: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for this document; I only have editorial-nit-level comments. Section 2 This document describes cryptographic algorithm identifiers for several cryptographic algorithms which use variable length output SHAKE functions introduced in [SHA3] which can be used with the Internet X.509 Certificate and CRL profile [RFC5280]. nit(?): Is "describes" or "defines" more appropriate? (Given that NIST has already allocated some of the OIDs in question, I could go either way.) I'd also suggest further rewording, perhaps as: This document defines cryptographic algorithm identifiers for several cryptographic algorithms that use the variable length output SHAKE functions introduced in [SHA3]; these algorithms can be used with the Internet X.509 Certificate and CRL profile [RFC5280]. -- This specification describes the identifiers for SHAKEs to be used in X.509 and their meaning. nit: this seems pretty redundant with the first paragraph of the section. Section 5.1 Signatures are used in a number of different ASN.1 structures. As shown in the ASN.1 representation from [RFC5280] below, an X.509 certificate a signature is encoded with an algorithm identifier in the signatureAlgorithm attribute and a signatureValue attribute that contains the actual signature. nit: "an X.509 certificate a signature is encoded" is not grammatical; I think there's a missing "in" at the start? The identifiers defined in Section 4 can be used as the AlgorithmIdentifier in the signatureAlgorithm field in the sequence Certificate and the signature field in the sequence tbsCertificate in X.509 [RFC5280]. [...] nit: I'm a bit confused by the usage "sequence tbsCertificate" -- the name of the ASN.1 SEQUENCE is TBSCertificate, with tbsCertificate reflecting the field name for this sequence as it appears in the Certificate. (Contrariwise, "the sequence Certificate" makes sense to me, as that is the type name of an ASN.1 SEQUENCE.) I do note that the sentence "This field MUST contain the same algorithm identifier as the signature field in the sequence tbsCertificate (Section 4.1.2.3" appears in RFC 5280, which includes the same phrasing. Section 5.1.1 The RSASSA-PSS algorithm is defined in [RFC8017]. When id-RSASSA- PSS-SHAKE128 or id-RSASSA-PSS-SHAKE256 specified in Section 4 is used, the encoding MUST omit the parameters field. [...] Is this requirement redundant with the one in Section 4? (Similarly in Section 5.1.2.) The hash algorithm to hash a message being signed and the hash algorithm as the mask generation function used in RSASSA-PSS MUST be the same, SHAKE128 or SHAKE256 respectively. [...] nit: I think just "as" is not the right grammar, here, and we want "used as" instead. SHAKE128 and id-RSASSA-PSS-SHAKE256 respectively. The mgfSeed is the seed from which mask is generated, an octet string [RFC8017]. As explained in Step 9 of section 9.1.1 of [RFC8017], the output length of the MGF is emLen - hLen - 1 bytes. emLen is the maximum message length ceil((n-1)/8), where n is the RSA modulus in bits. hLen is 32 and 64-bytes for id-RSASSA-PSS-SHAKE128 and id-RSASSA-PSS-SHAKE256 respectively. Thus when SHAKE is used as the MGF, the SHAKE output length maskLen is (n - 264) or (n - 520) bits respectively. For example, when RSA modulus n is 2048, the output length of SHAKE128 or SHAKE256 as the MGF will be 1784 or 1528-bits when id-RSASSA-PSS- SHAKE128 or id-RSASSA-PSS-SHAKE256 is used respectively. nit: Absent some external requirement for the RSA modulus to be a multiple of 8 bits (that I have forgotten about), it seems we need to be more careful about transtioning from the byte length of the MGF output to the bit length of SHAKE output needed, as the ceil() function will vary with the modulus of n base 8. Section 5.2 is an OID and optionally associated parameters. The conventions and encoding for RSASSA-PSS and ECDSA public keys algorithm identifiers are as specified in Section 2.3 of [RFC3279], Section 3.1 of [RFC4055] and Section 2.1 of [RFC5480]. I think this might be better if it calls out sections 2.3.1 and 2.3.5 of RFC 3279 explicitly rather than globbing in a bunch of unrelated subsections. The identifier parameters, as explained in Section 4, MUST be absent. This feels like the fourth time we've said that parameters are absent... Appendix A nit: Does "Deterministic" need to be in the comments for the ECDSA smime capabilities? It's not really something the peer can verify. _______________________________________________ Spasm mailing list Spasm@ietf.org https://www.ietf.org/mailman/listinfo/spasm
- [lamps] Benjamin Kaduk's Yes on draft-ietf-lamps-… Benjamin Kaduk via Datatracker
- Re: [lamps] Benjamin Kaduk's Yes on draft-ietf-la… Panos Kampanakis (pkampana)