Re: [TLS] Re: Draft for SM cipher suites used in TLS1.3

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 16 August 2019 15:05 UTC

Return-Path: <prvs=3131b19307=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7ADD5120052 for <tls@ietfa.amsl.com>; Fri, 16 Aug 2019 08:05:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.194
X-Spam-Level:
X-Spam-Status: No, score=-4.194 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xYP1dob2g2DP for <tls@ietfa.amsl.com>; Fri, 16 Aug 2019 08:05:39 -0700 (PDT)
Received: from llmx3.ll.mit.edu (LLMX3.LL.MIT.EDU [129.55.12.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAC56120047 for <tls@ietf.org>; Fri, 16 Aug 2019 08:05:37 -0700 (PDT)
Received: from LLE2K16-MBX03.mitll.ad.local (LLE2K16-MBX03.mitll.ad.local) by llmx3.ll.mit.edu (unknown) with ESMTPS id x7GF5ZXQ047355 for <tls@ietf.org>; Fri, 16 Aug 2019 11:05:35 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: TLS <tls@ietf.org>
Thread-Topic: [TLS] Re: Draft for SM cipher suites used in TLS1.3
Thread-Index: AQHVVAJVK0PrqEdKSEeegSRe0UZt+Kb94BWA
Date: Fri, 16 Aug 2019 15:05:33 +0000
Message-ID: <CD858630-F612-4069-B48B-673594B80437@ll.mit.edu>
References: <3dfe43fe-b81c-4fc1-91af-3a1e8565794e.kepeng.lkp@alibaba-inc.com>
In-Reply-To: <3dfe43fe-b81c-4fc1-91af-3a1e8565794e.kepeng.lkp@alibaba-inc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1b.0.190715
x-originating-ip: [172.25.1.85]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3648798333_348709734"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-08-16_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1906280000 definitions=main-1908160159
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IUtxraSIfLBcuF5VQUB9qU-j1l0>
Subject: Re: [TLS] Re: Draft for SM cipher suites used in TLS1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Aug 2019 15:05:42 -0000

AFAIK, all the ISO standards that IETF refers to, were defined elsewhere first, i.e., ISO defined them based on some open submissions, publications, etc.

 

I fully agree with Rene – if you want the specs standardized, provide the complete specs, including the missing parts 1 and 3.

 

 

 

From: TLS <tls-bounces@ietf.org> on behalf of Kepeng Li <kepeng.lkp@alibaba-inc.com>
Reply-To: Kepeng Li <kepeng.lkp@alibaba-inc.com>
Date: Friday, August 16, 2019 at 3:15 AM
To: "rstruik.ext" <rstruik.ext@gmail.com>, TLS <tls@ietf.org>
Subject: [TLS] Re: Draft for SM cipher suites used in TLS1.3

 

Hi Rene and all,

 

> Since the ISO documents are not available to the general 
> public without payment, it would be helpful to have a freely available 
> document (in English) from an authoritative source. Having such a 
> reference available would be helpful to the IETF community (and 
> researchers).
About the references to ISO documens, I think it is a general issue for IETF drafts.

 

How does the other IETF drafts make the references to ISO documents? ISO documents are often referenced by IETF drafts.

 

Thanks,

 

Kind Regards

Kepeng

——————————————————————————————————————————————————————————————————

Re: [TLS] Draft for SM cipher suites used in TLS1.3
Rene Struik <rstruik.ext@gmail.com> Thu, 15 August 2019 15:34 UTCShow header
Hi Paul:
 
I tried and look up the documents GMT.0009-2012 and GBT.32918.5-2016 on 
the (non-secured) websites you referenced, but only found Chinese 
versions (and Chinese website navigation panels [pardon my poor language 
skills here]). Since the ISO documents are not available to the general 
public without payment, it would be helpful to have a freely available 
document (in English) from an authoritative source. Having such a 
reference available would be helpful to the IETF community (and 
researchers). Please note that BSI provides its specifications in German 
and English, so as to foster use/study by the community. If the Chinese 
national algorithms would be available in similar form, this would serve 
a similar purpose.
 
FYI - I am interested in full details and some time last year I tried to 
download specs, but only Parts 2, 4, and 5 were available [1], [2], [3], 
not Parts 1 and 3.
 
Best regards, Rene
 
[1] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - 
Part 5 - Parameter Definition (SEMB, July 24, 2018)
[2] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - 
Part 2 - Digital Signature Algorithm (SEMB, July 24, 2018)
[3] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - 
Part 4 - Public Key Encryption Algorithm (SEMB, July 24, 2018)
 
On 8/15/2019 10:16 AM, Paul Yang wrote:
> Hi all,
> 
> I have submitted a new internet draft to introduce the SM cipher 
> suites into TLS 1.3 protocol.
> 
> https://tools.ietf.org/html/draft-yang-tls-tls13-sm-suites-00
> 
> SM cryptographic algorithms are originally a set of Chinese national 
> algorithms and now have been (or being) accepted by ISO as 
> international standards, including SM2 signature algorithm, SM3 hash 
> function and SM4 block cipher. These algorithms have already been 
> supported some time ago by several widely used open source 
> cryptographic libraries including OpenSSL, BouncyCastle, Botan, etc.
> 
> Considering TLS1.3 is being gradually adopted in China's internet 
> industry, it's important to have a normative definition on how to use 
> the SM algorithms with TLS1.3, especially for the mobile internet 
> scenario. Ant Financial is the company who develops the market leading 
> mobile app 'Alipay' and supports payment services for Alibaba 
> e-commerce business. We highly are depending on the new TLS1.3 
> protocol for both performance and security purposes. We expect to have 
> more deployment of TLS1.3 capable applications in China's internet 
> industry by this standardization attempts.
> 
> It's very appreciated to have comments from the IETF TLS list :-)
> 
> Many thanks!
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls