draft-ietf-lamps-pkix-shake-13.txt   draft-ietf-lamps-pkix-shake-14.txt 
LAMPS WG P. Kampanakis LAMPS WG P. Kampanakis
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Updates: 3279 (if approved) Q. Dang Updates: 3279 (if approved) Q. Dang
Intended status: Standards Track NIST Intended status: Standards Track NIST
Expires: January 22, 2020 July 21, 2019 Expires: January 22, 2020 July 21, 2019
Internet X.509 Public Key Infrastructure: Additional Algorithm Internet X.509 Public Key Infrastructure: Additional Algorithm
Identifiers for RSASSA-PSS and ECDSA using SHAKEs Identifiers for RSASSA-PSS and ECDSA using SHAKEs
draft-ietf-lamps-pkix-shake-13 draft-ietf-lamps-pkix-shake-14
Abstract Abstract
Digital signatures are used to sign messages, X.509 certificates and Digital signatures are used to sign messages, X.509 certificates and
CRLs. This document updates the "Algorithms and Identifiers for the CRLs. This document updates the "Algorithms and Identifiers for the
Internet X.509 Public Key Infrastructure Certificate and Certificate Internet X.509 Public Key Infrastructure Certificate and Certificate
Revocation List Profile" (RFC3279) and describes the conventions for Revocation List Profile" (RFC3279) and describes the conventions for
using the SHAKE function family in Internet X.509 certificates and using the SHAKE function family in Internet X.509 certificates and
revocation lists as one-way hash functions with the RSA Probabilistic revocation lists as one-way hash functions with the RSA Probabilistic
signature and ECDSA signature algorithms. The conventions for the signature and ECDSA signature algorithms. The conventions for the
skipping to change at page 2, line 13 skipping to change at page 2, line 13
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. Use in PKIX . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Use in PKIX . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.1. Signatures . . . . . . . . . . . . . . . . . . . . . . . 6 5.1. Signatures . . . . . . . . . . . . . . . . . . . . . . . 6
5.1.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 7 5.1.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 7
5.1.2. ECDSA Signatures . . . . . . . . . . . . . . . . . . 8 5.1.2. ECDSA Signatures . . . . . . . . . . . . . . . . . . 8
5.2. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 8 5.2. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 9
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
9.1. Normative References . . . . . . . . . . . . . . . . . . 10 9.1. Normative References . . . . . . . . . . . . . . . . . . 11
9.2. Informative References . . . . . . . . . . . . . . . . . 11 9.2. Informative References . . . . . . . . . . . . . . . . . 12
Appendix A. ASN.1 module . . . . . . . . . . . . . . . . . . . . 12 Appendix A. ASN.1 module . . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17
1. Change Log 1. Change Log
[ EDNOTE: Remove this section before publication. ] [ EDNOTE: Remove this section before publication. ]
o draft-ietf-lamps-pkix-shake-14:
* Fixing error with incorrect preimage resistance bits for SHA128
and SHA256.
o draft-ietf-lamps-pkix-shake-13: o draft-ietf-lamps-pkix-shake-13:
* Addressing one applicable comment from Dan M. about sec levels * Addressing one applicable comment from Dan M. about sec levels
while in secdir review of draft-ietf-lamps-cms-shakes. while in secdir review of draft-ietf-lamps-cms-shakes.
* Addressing comment from Scott B.'s opsdir review about * Addressing comment from Scott B.'s opsdir review about
references in the abstract. references in the abstract.
o draft-ietf-lamps-pkix-shake-12: o draft-ietf-lamps-pkix-shake-12:
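Review bot: the new -14 change-log entry names "SHA128 and SHA256", but the functions whose preimage-resistance figures were corrected in Section 7 are SHAKE128 and SHAKE256 (there is no SHA128); suggest "Fixing error with incorrect preimage resistance bits for SHAKE128 and SHAKE256." The same -14 revision also raises the recommended ECDSA group order for SHAKE256 from 384 to 521 bits, which this entry does not mention; the change log should list it so reviewers of -13 do not miss a change in a normative recommendation.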
skipping to change at page 10, line 17 skipping to change at page 10, line 37
This document updates [RFC3279]. The security considerations section This document updates [RFC3279]. The security considerations section
of that document applies to this specification as well. of that document applies to this specification as well.
NIST has defined appropriate use of the hash functions in terms of NIST has defined appropriate use of the hash functions in terms of
the algorithm strengths and expected time frames for secure use in the algorithm strengths and expected time frames for secure use in
Special Publications (SPs) [SP800-78-4] and [SP800-107]. These Special Publications (SPs) [SP800-78-4] and [SP800-107]. These
documents can be used as guides to choose appropriate key sizes for documents can be used as guides to choose appropriate key sizes for
various security scenarios. various security scenarios.
SHAKE128 with output length of 256-bits offers 128-bits of collision SHAKE128 with output length of 256-bits offers 128-bits of collision
and 256-bits of preimage resistance. Thus, SHAKE128 OIDs in this and preimage resistance. Thus, SHAKE128 OIDs in this specification
specification are RECOMMENDED with 2048 (112-bit security) or are RECOMMENDED with 2048 (112-bit security) or 3072-bit (128-bit
3072-bit (128-bit security) RSA modulus or curves with group order of security) RSA modulus or curves with group order of 256-bits (128-bit
256-bits (128-bit security). SHAKE256 with 512-bits output length security). SHAKE256 with 512-bits output length offers 256-bits of
offers 256-bits of collision and 512-bits of preimage resistance. collision and preimage resistance. Thus, the SHAKE256 OIDs in this
Thus, the SHAKE256 OIDs in this specification are RECOMMENDED with specification are RECOMMENDED with 4096-bit RSA modulus or higher or
4096-bit RSA modulus or higher or curves with group order of 384-bits curves with group order of 521-bits (256-bit security) or higher.
(256-bit security) or higher. Note that we recommended 4096-bit RSA Note that we recommended 4096-bit RSA because we would need 15360-bit
because we would need 15360-bit modulus for 256-bits of security modulus for 256-bits of security which is impractical for today's
which is impractical for today's technology. technology.
8. Acknowledgements 8. Acknowledgements
We would like to thank Sean Turner, Jim Schaad and Eric Rescorla for We would like to thank Sean Turner, Jim Schaad and Eric Rescorla for
their valuable contributions to this document. their valuable contributions to this document.
The authors would like to thank Russ Housley for his guidance and The authors would like to thank Russ Housley for his guidance and
very valuable contributions with the ASN.1 module. very valuable contributions with the ASN.1 module.
9. References 9. References
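Review bot: the corrected resistance figures in the -14 column are the right ones, and the -13 text was overstating preimage resistance. For SHAKE128 with a d-bit output, FIPS 202 gives collision resistance min(d/2, 128) and preimage resistance min(d, 128), so a 256-bit output yields 128 bits of both, not "256-bits of preimage resistance"; for SHAKE256 the bounds are min(d/2, 256) and min(d, 256), so a 512-bit output yields 256 bits of both, not 512. Raising the recommended curve order from 384 to 521 bits is also correct: a 384-bit group order gives roughly 192-bit security, so it did not match the "256-bit security" label attached to it in -13, whereas a 521-bit order does. Two smaller points in the same paragraph: "Note that we recommended 4096-bit RSA" should read "we recommend" (present tense, as in the rest of the section), and it is worth stating explicitly that the 2048-bit RSA pairing with SHAKE128 caps the overall strength at 112 bits regardless of the hash's 128 bits, since the weaker component sets the level; the text already labels the two RSA sizes with their security levels, so a one-clause addition would make that bound unambiguous.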
 End of changes. 6 change blocks. 
18 lines changed or deleted 23 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/