Re: [TLS] SHA-3 in SignatureScheme

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 06 September 2016 12:53 UTC

Return-Path: <prvs=80573c2d4c=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B1FC12B84F for <tls@ietfa.amsl.com>; Tue, 6 Sep 2016 05:53:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.705
X-Spam-Level:
X-Spam-Status: No, score=-5.705 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.508, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XSF0xhXMFoxs for <tls@ietfa.amsl.com>; Tue, 6 Sep 2016 05:53:48 -0700 (PDT)
Received: from llmx2.ll.mit.edu (LLMX2.LL.MIT.EDU [129.55.12.48]) by ietfa.amsl.com (Postfix) with ESMTP id B5DD012B8C8 for <tls@ietf.org>; Tue, 6 Sep 2016 05:35:46 -0700 (PDT)
Received: from LLE2K10-HUB02.mitll.ad.local (LLE2K10-HUB02.mitll.ad.local) by llmx2.ll.mit.edu (unknown) with ESMTP id u86CW39l024457 for <tls@ietf.org>; Tue, 6 Sep 2016 08:32:03 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] SHA-3 in SignatureScheme
Thread-Index: AQHSBHfFOWP+vPLKs0GIS/iOWjsWWqBsoxkA///KVYA=
Date: Tue, 6 Sep 2016 12:35:44 +0000
Message-ID: <F573DEFE-A2A9-4E37-B6A4-C4879ED9696B@ll.mit.edu>
References: <7755682.Cma8FBTrvx@pintsize.usersys.redhat.com> <57CEACE4.2090900@st.com>
In-Reply-To: <57CEACE4.2090900@st.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.19.0.160817
x-originating-ip: [172.25.177.156]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha384; boundary="B_3555995743_178483354"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-09-06_04:, , signatures=0
X-Proofpoint-Spam-Details: rule=inbound_notspam policy=inbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1609060195
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/AxP1DikuTwQWg_P-nysjy6jvPf4>
Subject: Re: [TLS] SHA-3 in SignatureScheme
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Sep 2016 12:53:52 -0000

+1

 

On 9/6/16, 7:47 , "TLS on behalf of Gilles Van Assche" <tls-bounces@ietf.org on behalf of gilles.vanassche@st.com> wrote:

 

Hello,

 

For RSA PSS, I would suggest to consider:

rsa_pss_shake128

rsa_pss_shake256

where SHAKE128 (or 256), as an exendable output function (XOF), directly

replaces the mask generating function MGF.

 

This would make RSA PSS simpler and more efficient.

 

Kind regards,

Gilles

 

 

On 01/09/16 19:38, Hubert Kario wrote:

The SHA-3 standard is already published and accepted[1], shouldn't TLSv1.3 

include signatures with those hashes then?

 

I think at least the following signature algorithms should be added:

ecdsa_secp256r1_sha3_256

ecdsa_secp384r1_sha3_384

ecdsa_secp521r1_sha3_512

 

rsa_pss_sha3_256

rsa_pss_sha3_384

rsa_pss_sha3_512

 

  1 - https://www.federalregister.gov/articles/2015/08/05/2015-19181/

announcing-approval-of-federal-information-processing-standard-fips-202-sha-3-

standard