Re: [TLS] SHA-3 in SignatureScheme

Gilles Van Assche <gilles.vanassche@st.com> Tue, 06 September 2016 11:53 UTC

Return-Path: <gilles.vanassche@st.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9430512B019 for <tls@ietfa.amsl.com>; Tue, 6 Sep 2016 04:53:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dMgGzqL0AvIw for <tls@ietfa.amsl.com>; Tue, 6 Sep 2016 04:53:26 -0700 (PDT)
Received: from mx07-00178001.pphosted.com (mx08-00178001.pphosted.com [91.207.212.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8449612B507 for <tls@ietf.org>; Tue, 6 Sep 2016 04:47:37 -0700 (PDT)
Received: from pps.filterd (m0046660.ppops.net [127.0.0.1]) by mx08-00178001.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id u86Bk6M2002748 for <tls@ietf.org>; Tue, 6 Sep 2016 13:47:36 +0200
Received: from beta.dmz-eu.st.com (beta.dmz-eu.st.com [164.129.1.35]) by mx08-.pphosted.com with ESMTP id 257kn5jnd9-1 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT) for <tls@ietf.org>; Tue, 06 Sep 2016 13:47:36 +0200
Received: from zeta.dmz-eu.st.com (zeta.dmz-eu.st.com [164.129.230.9]) by beta.dmz-eu.st.com (STMicroelectronics) with ESMTP id 6480A38 for <tls@ietf.org>; Tue, 6 Sep 2016 11:47:35 +0000 (GMT)
Received: from Webmail-eu.st.com (safex1hubcas6.st.com [10.75.90.73]) by zeta.dmz-eu.st.com (STMicroelectronics) with ESMTP id 0390D25B5 for <tls@ietf.org>; Tue, 6 Sep 2016 11:47:35 +0000 (GMT)
Received: from [10.137.2.67] (10.137.2.67) by webmail-eu.st.com (10.75.90.73) with Microsoft SMTP Server id 8.3.444.0; Tue, 6 Sep 2016 13:47:34 +0200
To: <tls@ietf.org>
References: <7755682.Cma8FBTrvx@pintsize.usersys.redhat.com>
From: Gilles Van Assche <gilles.vanassche@st.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <57CEACE4.2090900@st.com>
Date: Tue, 6 Sep 2016 13:47:48 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <7755682.Cma8FBTrvx@pintsize.usersys.redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-09-06_04:, , signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jCWSYrWDpAsLD_PIA_1GNSIVX2c>
Subject: Re: [TLS] SHA-3 in SignatureScheme
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Sep 2016 11:53:27 -0000

Hello,

For RSA PSS, I would suggest to consider:
rsa_pss_shake128
rsa_pss_shake256
where SHAKE128 (or 256), as an exendable output function (XOF), directly
replaces the mask generating function MGF.

This would make RSA PSS simpler and more efficient.

Kind regards,
Gilles


On 01/09/16 19:38, Hubert Kario wrote:
> The SHA-3 standard is already published and accepted[1], shouldn't TLSv1.3 
> include signatures with those hashes then?
>
> I think at least the following signature algorithms should be added:
> ecdsa_secp256r1_sha3_256
> ecdsa_secp384r1_sha3_384
> ecdsa_secp521r1_sha3_512
>
> rsa_pss_sha3_256
> rsa_pss_sha3_384
> rsa_pss_sha3_512
>
>  1 - https://www.federalregister.gov/articles/2015/08/05/2015-19181/
> announcing-approval-of-federal-information-processing-standard-fips-202-sha-3-
> standard