[TLS] Draft for SM cipher suites used in TLS1.3

"Paul Yang" <kaishen.yy@antfin.com> Thu, 15 August 2019 14:17 UTC

Return-Path: <kaishen.yy@antfin.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E16512011B for <tls@ietfa.amsl.com>; Thu, 15 Aug 2019 07:17:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XpvhW-gM8eDU for <tls@ietfa.amsl.com>; Thu, 15 Aug 2019 07:17:00 -0700 (PDT)
Received: from out0-142.mail.aliyun.com (out0-142.mail.aliyun.com [140.205.0.142]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A632F1200E5 for <tls@ietf.org>; Thu, 15 Aug 2019 07:16:58 -0700 (PDT)
X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R181e4; CH=green; DM=||false|; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e02c03267; MF=kaishen.yy@antfin.com; NM=1; PH=DW; RN=1; SR=0; TI=W4_5657687_v5ForWebDing_0AB101E6_1565878614219_o7001c35p;
Received: from WS-web (kaishen.yy@antfin.com[W4_5657687_v5ForWebDing_0AB101E6_1565878614219_o7001c35p]) by e01l07394.eu6 at Thu, 15 Aug 2019 22:16:54 +0800
Date: Thu, 15 Aug 2019 22:16:54 +0800
From: "Paul Yang" <kaishen.yy@antfin.com>
To: "TLS List" <tls@ietf.org>
Reply-To: "Paul Yang" <kaishen.yy@antfin.com>
Message-ID: <2145119c-0942-4b38-bc58-eb8d6e018a1f.kaishen.yy@antfin.com>
X-Mailer: [Alimail-Mailagent][W4_5657687][v5ForWebDing][Chrome]
MIME-Version: 1.0
x-aliyun-mail-creator: W4_5657687_v5ForWebDing_M3LTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzc2LjAuMzgwOS4xMDAgU2FmYXJpLzUzNy4zNg==vN
Content-Type: multipart/alternative; boundary="----=ALIBOUNDARY_23333_4e15c940_5d556956_192fadc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NHbHOGtsR1S5cCr9nWN9_sdyTgg>
Subject: [TLS] =?utf-8?q?Draft_for_SM_cipher_suites_used_in_TLS1=2E3?=
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2019 14:17:02 -0000

Hi all,

I have submitted a new internet draft to introduce the SM cipher suites into TLS 1.3 protocol.

https://tools.ietf.org/html/draft-yang-tls-tls13-sm-suites-00

SM cryptographic algorithms are originally a set of Chinese national algorithms and now have been (or being) accepted by ISO as international standards, including SM2 signature algorithm, SM3 hash function and SM4 block cipher. These algorithms have already been supported some time ago by several widely used open source cryptographic libraries including OpenSSL, BouncyCastle, Botan, etc.

Considering TLS1.3 is being gradually adopted in China's internet industry, it's important to have a normative definition on how to use the SM algorithms with TLS1.3, especially for the mobile internet scenario. Ant Financial is the company who develops the market leading mobile app 'Alipay' and supports payment services for Alibaba e-commerce business. We highly are depending on the new TLS1.3 protocol for both performance and security purposes. We expect to have more deployment of TLS1.3 capable applications in China's internet industry by this standardization attempts.

It's very appreciated to have comments from the IETF TLS list :-)

Many thanks!