[TLS] Re: Draft for SM cipher suites used in TLS1.3

"Kepeng Li" <kepeng.lkp@alibaba-inc.com> Fri, 16 August 2019 07:13 UTC

Return-Path: <kepeng.lkp@alibaba-inc.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7F3E120041 for <tls@ietfa.amsl.com>; Fri, 16 Aug 2019 00:13:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alibaba-inc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SCTj0rMeLml5 for <tls@ietfa.amsl.com>; Fri, 16 Aug 2019 00:13:54 -0700 (PDT)
Received: from out0-145.mail.aliyun.com (out0-145.mail.aliyun.com [140.205.0.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3E9312002E for <TLS@ietf.org>; Fri, 16 Aug 2019 00:13:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alibaba-inc.com; s=default; t=1565939628; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type; bh=CsKPhqQlhRGNdLJ0ZzUMSycYgLCDH8GV4ddmkHZQWNw=; b=cLcZbMZwqITXHrb+Fq4yJ9g2RxVX7iO093UwHTHGK07mMbck5GS+YIjAXFcTYjVtHivtqQ+nAp9wt3dtByPYKaKYFOzVL8A7TBQUFqX1Afx5lVVQHK44OktdyMbKCzK+Gfq+J5Jo2vMxeQgx3XwHT1FjotAqJ4rh23l3tPhFKI0=
X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R161e4; CH=green; DM=||false|; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e02c03267; MF=kepeng.lkp@alibaba-inc.com; NM=1; PH=DW; RN=2; SR=0; TI=W4_5657687_DEFAULT_0A93269A_1565939620954_o7001c95s;
Received: from WS-web (kepeng.lkp@alibaba-inc.com[W4_5657687_DEFAULT_0A93269A_1565939620954_o7001c95s]) by e01l04363.eu6 at Fri, 16 Aug 2019 15:13:44 +0800
Date: Fri, 16 Aug 2019 15:13:44 +0800
From: "Kepeng Li" <kepeng.lkp@alibaba-inc.com>
To: "rstruik.ext" <rstruik.ext@gmail.com>, "TLS" <TLS@ietf.org>
Reply-To: "Kepeng Li" <kepeng.lkp@alibaba-inc.com>
Message-ID: <3dfe43fe-b81c-4fc1-91af-3a1e8565794e.kepeng.lkp@alibaba-inc.com>
X-Mailer: [Alimail-Mailagent][W4_5657687][DEFAULT][Chrome]
MIME-Version: 1.0
x-aliyun-mail-creator: W4_5657687_DEFAULT_M3LTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzc2LjAuMzgwOS4xMDAgU2FmYXJpLzUzNy4zNg==vN
Content-Type: multipart/alternative; boundary="----=ALIBOUNDARY_18741_4cf23940_5d5657a8_194a316"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aaFEDm_K7IdLve7p2Ukd-XlnKiA>
Subject: [TLS] =?utf-8?q?Re=EF=BC=9A_Draft_for_SM_cipher_suites_used_in_T?= =?utf-8?q?LS1=2E3?=
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Aug 2019 07:13:57 -0000

Hi Rene and all,

> Since the ISO documents are not available to the general 
> public without payment, it would be helpful to have a freely available 
> document (in English) from an authoritative source. Having such a 
> reference available would be helpful to the IETF community (and 
> researchers).
About the references to ISO documens, I think it is a general issue for IETF drafts.

How does the other IETF drafts make the references to ISO documents? ISO documents are often referenced by IETF drafts.

Thanks,

Kind Regards
Kepeng
——————————————————————————————————————————————————————————————————
Re: [TLS] Draft for SM cipher suites used in TLS1.3
Rene Struik <rstruik.ext@gmail.com>; Thu, 15 August 2019 15:34 UTCShow header
Hi Paul:

I tried and look up the documents GMT.0009-2012 and GBT.32918.5-2016 on 
the (non-secured) websites you referenced, but only found Chinese 
versions (and Chinese website navigation panels [pardon my poor language 
skills here]). Since the ISO documents are not available to the general 
public without payment, it would be helpful to have a freely available 
document (in English) from an authoritative source. Having such a 
reference available would be helpful to the IETF community (and 
researchers). Please note that BSI provides its specifications in German 
and English, so as to foster use/study by the community. If the Chinese 
national algorithms would be available in similar form, this would serve 
a similar purpose.

FYI - I am interested in full details and some time last year I tried to 
download specs, but only Parts 2, 4, and 5 were available [1], [2], [3], 
not Parts 1 and 3.

Best regards, Rene

[1] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - 
Part 5 - Parameter Definition (SEMB, July 24, 2018)
[2] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - 
Part 2 - Digital Signature Algorithm (SEMB, July 24, 2018)
[3] China ECC - Public Key Cryptographic Algorithm SM2 Based on ECC - 
Part 4 - Public Key Encryption Algorithm (SEMB, July 24, 2018)

On 8/15/2019 10:16 AM, Paul Yang wrote:
> Hi all,
>
> I have submitted a new internet draft to introduce the SM cipher 
> suites into TLS 1.3 protocol.
>
> https://tools.ietf.org/html/draft-yang-tls-tls13-sm-suites-00
>
> SM cryptographic algorithms are originally a set of Chinese national 
> algorithms and now have been (or being) accepted by ISO as 
> international standards, including SM2 signature algorithm, SM3 hash 
> function and SM4 block cipher. These algorithms have already been 
> supported some time ago by several widely used open source 
> cryptographic libraries including OpenSSL, BouncyCastle, Botan, etc.
>
> Considering TLS1.3 is being gradually adopted in China's internet 
> industry, it's important to have a normative definition on how to use 
> the SM algorithms with TLS1.3, especially for the mobile internet 
> scenario. Ant Financial is the company who develops the market leading 
> mobile app 'Alipay' and supports payment services for Alibaba 
> e-commerce business. We highly are depending on the new TLS1.3 
> protocol for both performance and security purposes. We expect to have 
> more deployment of TLS1.3 capable applications in China's internet 
> industry by this standardization attempts.
>
> It's very appreciated to have comments from the IETF TLS list :-)
>
> Many thanks!
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls