IETF Logo Mail Archive

Re: [Tls-reg-review] [TLS] (offline) Re: Draft for SM cipher suites used in TLS1.3

"Salz, Rich" <rsalz@akamai.com> Sat, 14 September 2019 02:05 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls-reg-review@ietfa.amsl.com
Delivered-To: tls-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02A7A120048 for <tls-reg-review@ietfa.amsl.com>; Fri, 13 Sep 2019 19:05:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I7a64SM-_kGR for <tls-reg-review@ietfa.amsl.com>; Fri, 13 Sep 2019 19:05:04 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E971F1200A1 for <tls-reg-review@ietf.org>; Fri, 13 Sep 2019 19:05:03 -0700 (PDT)
Received: from pps.filterd (m0122331.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x8E21nEU013988; Sat, 14 Sep 2019 03:04:58 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=87kaBsX6wHG9sQzVztB41DNe6IGrQcdgA9hYcPpP6a8=; b=HvMnl0PfZdy7o/950Vfdk+kgcmcLJ+47OvmnlpQNj2Nm4bA3MGHtyrzqdFC0dIH4cSLJ AbvRmsE1UidpdDDP9Z9XYECDBZp5LhP9/FHPHQa2QqvlmLTf+bWAOBZrur5MyWqA2gJ5 vxU3pj15eaCZyp2m6XIC9oZ2fLRlxqvzdGouZj8pan6Cc+F6g6tlQdwKYu+TsGtxGw/w HUj+A61uHupNAoL2dit9sFOqGCc0CZ8WxOdULjoxbyfQFsuBvHyVyzW43xrH8mv5kXoW OPHx5xouj7VqtAipv/zu+PHm0ebDCSrF1zkbbs3tSOnM+a/jIEdNecoefTsLzm5HXO0E zg==
Received: from prod-mail-ppoint6 (prod-mail-ppoint6.akamai.com [184.51.33.61] (may be forged)) by mx0b-00190b01.pphosted.com with ESMTP id 2v0n2t8aua-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 14 Sep 2019 03:04:57 +0100
Received: from pps.filterd (prod-mail-ppoint6.akamai.com [127.0.0.1]) by prod-mail-ppoint6.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x8E223oB018709; Fri, 13 Sep 2019 22:04:57 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.33]) by prod-mail-ppoint6.akamai.com with ESMTP id 2uyth11wjr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 13 Sep 2019 22:04:57 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb2.msg.corp.akamai.com (172.27.123.102) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 13 Sep 2019 22:04:56 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1473.005; Fri, 13 Sep 2019 22:04:56 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Yoav Nir <ynir.ietf@gmail.com>
CC: "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>, Paul Yang <kaishen.yy=40antfin.com@dmarc.ietf.org>
Thread-Topic: [Tls-reg-review] [TLS] (offline) Re: Draft for SM cipher suites used in TLS1.3
Thread-Index: AQHVapf2o/ii09YCvEusDzMdAJ53VqcqbGqA
Date: Sat, 14 Sep 2019 02:04:55 +0000
Message-ID: <D1D5C368-E279-4A37-A097-F1FAF2CC69AA@akamai.com>
References: <20a27f61-98cf-4b2c-b6a8-e25aabd56099.kepeng.lkp@alibaba-inc.com> <83CBB97A-A3D3-48AC-9B1B-35557EE4CC95@antfin.com> <C13CBEB9-36AA-49BC-9F20-1BB0DD0E414E@ll.mit.edu> <6C74B593-C6D7-4D2E-97D8-90935E01A65E@antfin.com> <768D5E2F-4DD5-475A-A719-0BB7323204AF@akamai.com> <E5C48351-5C65-48D1-BBED-82855A7B58EB@gmail.com> <20190914010128.GL10656@kduck.mit.edu>
In-Reply-To: <20190914010128.GL10656@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1d.0.190908
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.40.203]
Content-Type: text/plain; charset="utf-8"
Content-ID: <E7BCBE2A5BDB734A9F6118A63D82662E@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-09-13_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1909140017
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.70,1.0.8 definitions=2019-09-13_11:2019-09-11,2019-09-13 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 clxscore=1015 impostorscore=0 lowpriorityscore=0 mlxscore=0 phishscore=0 priorityscore=1501 suspectscore=0 malwarescore=0 bulkscore=0 adultscore=0 spamscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1909140017
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/dRl1Mq1w3B62pwK8FU-vSdrkML8>
Subject: Re: [Tls-reg-review] [TLS] (offline) Re: Draft for SM cipher suites used in TLS1.3
X-BeenThere: tls-reg-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TLS REVIEW <tls-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls-reg-review/>
List-Post: <mailto:tls-reg-review@ietf.org>
List-Help: <mailto:tls-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Sep 2019 02:05:06 -0000

If it needs to be made more clear, sure: I second the +1.

Nick's probably off celebrating the IPO :)


On 9/13/19, 9:01 PM, "Benjamin Kaduk" <kaduk@mit.edu> wrote:

    Hi all,
    
    It looks like we have a +1 from Yoav and an "I don't want to be the first
    +1" from Rich.  Rich, do you want to make good on that, or does Nick want
    to weigh in?
    
    Thanks,
    
    Ben
    
    On Sun, Aug 25, 2019 at 10:35:03PM +0300, Yoav Nir wrote:
    > It seems fine to me. That’s exactly the way it was with Russian ciphers in the past.
    > 
    > > On 22 Aug 2019, at 19:14, Salz, Rich <rsalz@akamai.com> wrote:
    > > 
    > > Can we assign codepoints?  The draft is here: https://tools.ietf.org/id/draft-yang-tls-tls13-sm-suites-00.html <https://tools.ietf.org/id/draft-yang-tls-tls13-sm-suites-00.html>
    > > As you can see from the mail below, they made the SM specs available in English.
    > >  
    > > I don’t want to be the first one to approve this, because Paul is a pal and I helped him through the process, but I will +1 if either of you two folks are okay with it.
    > >  
    > > From: Paul Yang <kaishen.yy=40antfin.com@dmarc.ietf.org <mailto:kaishen.yy=40antfin.com@dmarc.ietf.org>>
    > > Date: Thursday, August 22, 2019 at 12:09 PM
    > > To: Uri Blumenthal <uri@ll.mit.edu <mailto:uri@ll.mit.edu>>
    > > Cc: "tls@ietf.org <mailto:tls@ietf.org>" <tls@ietf.org <mailto:tls@ietf.org>>
    > > Subject: Re: [TLS] (offline) Re: Draft for SM cipher suites used in TLS1.3
    > >  
    > > Hi there, 
    > >  
    > > Just to keep the it consistent with what previous email said - the Markdown file of the draft has been pushed to the repo:
    > >  
    > > https://github.com/alipay/tls13-sm-spec <https://github.com/alipay/tls13-sm-spec>
    > >  
    > > Please check:
    > >  
    > > https://github.com/alipay/tls13-sm-spec/blob/master/BUILD.md <https://github.com/alipay/tls13-sm-spec/blob/master/BUILD.md>
    > >  
    > > for detailed information.
    > >  
    > > Thanks.
    > > 
    > > 
    > >> On Aug 19, 2019, at 10:57 PM, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu <mailto:uri@ll.mit.edu>> wrote:
    > >>  
    > >> >  A side note: we will also upload the Markdown file of this draft into the same git 
    > >>         >  repository at https://github.com/alipay/tls13-sm-spec <https://github.com/alipay/tls13-sm-spec> later to make it a totally
    > >>         >  public involved progress.
    > >>  
    > >> I think this is exactly what was needed/asked-for. Thank you!
    > >> 
    > >> 
    > >> 
    > >>> On Aug 19, 2019, at 7:51 PM, Kepeng Li <kepeng.lkp@alibaba-inc.com <mailto:kepeng.lkp@alibaba-inc.com>> wrote:
    > >>>  
    > >>> Currently, we uploaded some of the referenced documents here:
    > >>> https://github.com/alipay/tls13-sm-spec <https://github.com/alipay/tls13-sm-spec>
    > >>>  
    > >>> @Rene, Parts 1 and 3 can be found in the link above.
    > >>>  
    > >>> Hope it helps.
    > >>>  
    > >>> Thanks,
    > >>>  
    > >>> Kind Regards
    > >>> Kepeng
    > >>>  
    > >>>> ------------------------------------------------------------------
    > >>>> 发件人:李克鹏(易深) <kepeng.lkp@antfin.com <mailto:kepeng.lkp@antfin.com>>
    > >>>> 发送时间:2019年8月19日(星期一) 17:38
    > >>>> 收件人:sean+ietf <sean+ietf@sn3rd.com <mailto:sean+ietf@sn3rd.com>>; joe <joe@salowey.net <mailto:joe@salowey.net>>; caw <caw@heapingbits.net <mailto:caw@heapingbits.net>>
    > >>>> 抄 送:tls@ietf.org <mailto:tls@ietf.org> <tls@ietf.org <mailto:tls@ietf.org>>; "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu <mailto:uri@ll.mit.edu>>; Paul Yang <kaishen.yy=40alipay.com@dmarc.ietf.org <mailto:kaishen.yy=40alipay.com@dmarc.ietf.org>>
    > >>>> 主 题:Re: [TLS] (offline) Re: Draft for SM cipher suites used in TLS1.3
    > >>>>  
    > >>>> Hi WG chairs,
    > >>>>  
    > >>>> Can we place the referenced documents in the TLS WG GitHub?
    > >>>> https://github.com/tlswg <https://github.com/tlswg>
    > >>>>  
    > >>>> According to the discussion below, this can help people to read and understand the referenced specifications.
    > >>>>  
    > >>>> Thanks,
    > >>>>  
    > >>>> Kind Regards
    > >>>> Kepeng 
    > >>>>  
    > >>>> 发件人: TLS <tls-bounces@ietf.org <mailto:tls-bounces@ietf.org>> 代表 "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu <mailto:uri@ll.mit.edu>>
    > >>>> 日期: 2019年8月18日 星期日 22:08
    > >>>> 收件人: Paul Yang <kaishen.yy=40alipay.com@dmarc.ietf.org <mailto:kaishen.yy=40alipay.com@dmarc.ietf.org>>
    > >>>> 抄送: "tls@ietf.org <mailto:tls@ietf.org>" <tls@ietf.org <mailto:tls@ietf.org>>
    > >>>> 主题: Re: [TLS] (offline) Re: Draft for SM cipher suites used in TLS1.3
    > >>>>  
    > >>>> IMHO, placing the documents on GitHub would be perfect, and quite sufficient. 
    > >>>>  
    > >>>> Please make sure to post the name of the repo here. ;/)
    > >>>>  
    > >>>> I leave it to others to decide whether they'd want copies of today PDF files sent to the mailing list directly.
    > >>>> 
    > >>>> Regards,
    > >>>> Uri
    > >>>>  
    > >>>> Sent from my iPhone
    > >>>> 
    > >>>> On Aug 17, 2019, at 01:03, Paul Yang <kaishen.yy=40alipay.com@dmarc.ietf.org <mailto:kaishen.yy=40alipay.com@dmarc.ietf.org>> wrote:
    > >>>> 
    > >>>> Good points.
    > >>>>  
    > >>>> The good news is that we have found some English PDFs of SM2, including the missing part 1 and part 3. Will continue to find English translations of other SM standards mentioned in the draft.
    > >>>>  
    > >>>> So, if we host a free website, say on Github or so, to provide those docs, is it convenient for you guys? Or should we just drop the   PDF files to this mailing list as attachments?
    > >>>>  
    > >>>> 
    > >>>> On Aug 16, 2019, at 10:58 PM, Rene Struik <rstruik.ext@gmail.com <mailto:rstruik.ext@gmail.com>> wrote:
    > >>>>  
    > >>>> Arguably, "national" crypto specifications garnish more stature if these are made available to the pubic by that standard-setting body itself (who, thereby, acts as its authoritative source), without deference to a third party (that may, independently from the originator, enforce document control [e.g., by effectuating technical changes or enforcing controlled dissemination]).
    > >>>>  
    > >>>> Since your draft introducing SM cipher suites with TLS1.3 appeals to the authority of a standard-setting authority, easy availability of the full and accredited technical documentation to the IETF community helps in scrutiny and, e.g., evaluating claims in the security considerations section.
    > >>>>  
    > >>>> On 8/16/2019 3:06 AM, Kepeng Li wrote:
    > >>>> Hi Rene and all,
    > >>>>  
    > >>>> > Since the ISO documents are not available to the general 
    > >>>> > public without payment, it would be helpful to have a freely available 
    > >>>> > document (in English) from an authoritative source. Having such a 
    > >>>> > reference available would be helpful to the IETF community (and 
    > >>>> > researchers).
    > >>>> About the references to ISO documens, I think it is a general issue for IETF drafts.
    > >>>>  
    > >>>> How does the other IETF drafts make the references to ISO documents? ISO documents are often referenced by IETF drafts.
    > >>>>  
    > >>>> Thanks,
    > >>>>  
    > >>>> Kind Regards
    > >>>> Kepeng
    > >>>> ——————————————————————————————————————————————————————————————————
    > >>>> Re: [TLS] Draft for SM cipher suites used in TLS1.3
    > >>>> 
    > >>>> Rene Struik <rstruik.ext@gmail.com <mailto:rstruik.ext@gmail.com>> Thu, 15 August 2019 15:34 UTCShow header <https://mailarchive.ietf.org/arch/browse/tls/?index=NHbHOGtsR1S5cCr9nWN9_sdyTgg&gbt=1>
    > >>>> Hi Paul:
    > >>>>  
    > >>>> I tried and look up the documents GMT.0009-2012 and GBT.32918.5-2016 on 
    > >>>> the (non-secured) websites you referenced, but only found Chinese 
    > >>>> versions (and Chinese website navigation panels [pardon my poor language 
    > >>>> skills here]). Since the ISO documents are not available to the general 
    > >>>> public without payment, it would be helpful to have a freely available 
    > >>>> document (in English) from an authoritative source. Having such a 
    > >>>> reference available would be helpful to the IETF community (and 
    > >>>> researchers). Please note that BSI provides its specifications in German 
    > >>>> and English, so as to foster use/study by the community. If the Chinese 
    > >>>> national algorithms would be available in similar form, this would serve 
    > >>>> a similar purpose.
    > >>>>  
    > >>>> FYI - I am interested in full details and some time last year I tried to 
    > >>>> download specs, but only Parts 2, 4, and 5 were available [1], [2], [3], 
    > >>>> not Parts 1 and 3.
    > >>>>  
    > >>>> Best regards, Rene
    > >>>>  
    > >>>> [1] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - 
    > >>>> Part 5 - Parameter Definition (SEMB, July 24, 2018)
    > >>>> [2] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - 
    > >>>> Part 2 - Digital Signature Algorithm (SEMB, July 24, 2018)
    > >>>> [3] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - 
    > >>>> Part 4 - Public Key Encryption Algorithm (SEMB, July 24, 2018)
    > >>>>  
    > >>>> On 8/15/2019 10:16 AM, Paul Yang wrote:
    > >>>> > Hi all,
    > >>>> > 
    > >>>> > I have submitted a new internet draft to introduce the SM cipher 
    > >>>> > suites into TLS 1.3 protocol.
    > >>>> > 
    > >>>> > https://tools.ietf.org/html/draft-yang-tls-tls13-sm-suites-00 <https://tools.ietf.org/html/draft-yang-tls-tls13-sm-suites-00>
    > >>>> > 
    > >>>> > SM cryptographic algorithms are originally a set of Chinese national 
    > >>>> > algorithms and now have been (or being) accepted by ISO as 
    > >>>> > international standards, including SM2 signature algorithm, SM3 hash 
    > >>>> > function and SM4 block cipher. These algorithms have already been 
    > >>>> > supported some time ago by several widely used open source 
    > >>>> > cryptographic libraries including OpenSSL, BouncyCastle, Botan, etc.
    > >>>> > 
    > >>>> > Considering TLS1.3 is being gradually adopted in China's internet 
    > >>>> > industry, it's important to have a normative definition on how to use 
    > >>>> > the SM algorithms with TLS1.3, especially for the mobile internet 
    > >>>> > scenario. Ant Financial is the company who develops the market leading 
    > >>>> > mobile app 'Alipay' and supports payment services for Alibaba 
    > >>>> > e-commerce business. We highly are depending on the new TLS1.3 
    > >>>> > protocol for both performance and security purposes. We expect to have 
    > >>>> > more deployment of TLS1.3 capable applications in China's internet 
    > >>>> > industry by this standardization attempts.
    > >>>> > 
    > >>>> > It's very appreciated to have comments from the IETF TLS list :-)
    > >>>> > 
    > >>>> > Many thanks!
    > >>>> > 
    > >>>> > _______________________________________________
    > >>>> > TLS mailing list
    > >>>> > TLS@ietf.org <mailto:TLS@ietf.org>
    > >>>> > https://www.ietf.org/mailman/listinfo/tls <https://www.ietf.org/mailman/listinfo/tls>
    > >>>>  
    > >>>>  
    > >>>> -- 
    > >>>> email: rstruik.ext@gmail.com <mailto:rstruik.ext@gmail.com> | Skype: rstruik
    > >>>> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
    > >>>> _______________________________________________
    > >>>> TLS mailing list
    > >>>> TLS@ietf.org <mailto:TLS@ietf.org>
    > >>>> https://www.ietf.org/mailman/listinfo/tls <https://www.ietf.org/mailman/listinfo/tls>
    > >>>>  
    > >>>> 
    > >>>> Regards,
    > >>>>  
    > >>>> Paul Yang
    > >>>>  
    > >>>> _______________________________________________
    > >>>> TLS mailing list
    > >>>> TLS@ietf.org <mailto:TLS@ietf.org>
    > >>>> https://www.ietf.org/mailman/listinfo/tls <https://www.ietf.org/mailman/listinfo/tls>
    > >>>> _______________________________________________ TLS mailing list TLS@ietf.org <mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls <https://www.ietf.org/mailman/listinfo/tls>
    > >>  
    > >> 
    > >> Regards,
    > >>  
    > >> Paul Yang
    > > 
    > >  
    > > 
    > > Regards,
    > >  
    > > Paul Yang
    > >  
    > > _______________________________________________
    > > tls-reg-review mailing list
    > > tls-reg-review@ietf.org <mailto:tls-reg-review@ietf.org>
    > > https://www.ietf.org/mailman/listinfo/tls-reg-review <https://www.ietf.org/mailman/listinfo/tls-reg-review>
    > 
    
    > _______________________________________________
    > tls-reg-review mailing list
    > tls-reg-review@ietf.org
    > https://www.ietf.org/mailman/listinfo/tls-reg-review

v2.23.0 | Report a Bug | By Email