draft-ietf-lamps-pkix-shake-14.txt   draft-ietf-lamps-pkix-shake-15.txt 
LAMPS WG P. Kampanakis LAMPS WG P. Kampanakis
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Updates: 3279 (if approved) Q. Dang Updates: 3279 (if approved) Q. Dang
Intended status: Standards Track NIST Intended status: Standards Track NIST
Expires: January 22, 2020 July 21, 2019 Expires: January 22, 2020 July 21, 2019
Internet X.509 Public Key Infrastructure: Additional Algorithm Internet X.509 Public Key Infrastructure: Additional Algorithm
Identifiers for RSASSA-PSS and ECDSA using SHAKEs Identifiers for RSASSA-PSS and ECDSA using SHAKEs
draft-ietf-lamps-pkix-shake-14 draft-ietf-lamps-pkix-shake-15
Abstract Abstract
Digital signatures are used to sign messages, X.509 certificates and Digital signatures are used to sign messages, X.509 certificates and
CRLs. This document updates the "Algorithms and Identifiers for the CRLs. This document updates the "Algorithms and Identifiers for the
Internet X.509 Public Key Infrastructure Certificate and Certificate Internet X.509 Public Key Infrastructure Certificate and Certificate
Revocation List Profile" (RFC3279) and describes the conventions for Revocation List Profile" (RFC3279) and describes the conventions for
using the SHAKE function family in Internet X.509 certificates and using the SHAKE function family in Internet X.509 certificates and
revocation lists as one-way hash functions with the RSA Probabilistic revocation lists as one-way hash functions with the RSA Probabilistic
signature and ECDSA signature algorithms. The conventions for the signature and ECDSA signature algorithms. The conventions for the
skipping to change at page 2, line 34 skipping to change at page 2, line 34
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
9.1. Normative References . . . . . . . . . . . . . . . . . . 11 9.1. Normative References . . . . . . . . . . . . . . . . . . 11
9.2. Informative References . . . . . . . . . . . . . . . . . 12 9.2. Informative References . . . . . . . . . . . . . . . . . 12
Appendix A. ASN.1 module . . . . . . . . . . . . . . . . . . . . 13 Appendix A. ASN.1 module . . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17
1. Change Log 1. Change Log
[ EDNOTE: Remove this section before publication. ] [ EDNOTE: Remove this section before publication. ]
o draft-ietf-lamps-pkix-shake-15:
* Minor editorial nits.
o draft-ietf-lamps-pkix-shake-14: o draft-ietf-lamps-pkix-shake-14:
* Fixing error with incorrect preimage resistance bits for SHA128 * Fixing error with incorrect preimage resistance bits for SHA128
and SHA256. and SHA256.
o draft-ietf-lamps-pkix-shake-13: o draft-ietf-lamps-pkix-shake-13:
* Addressing one applicable comment from Dan M. about sec levels * Addressing one applicable comment from Dan M. about sec levels
while in secdir review of draft-ietf-lamps-cms-shakes. while in secdir review of draft-ietf-lamps-cms-shakes.
skipping to change at page 10, line 43 skipping to change at page 10, line 43
documents can be used as guides to choose appropriate key sizes for documents can be used as guides to choose appropriate key sizes for
various security scenarios. various security scenarios.
SHAKE128 with output length of 256-bits offers 128-bits of collision SHAKE128 with output length of 256-bits offers 128-bits of collision
and preimage resistance. Thus, SHAKE128 OIDs in this specification and preimage resistance. Thus, SHAKE128 OIDs in this specification
are RECOMMENDED with 2048 (112-bit security) or 3072-bit (128-bit are RECOMMENDED with 2048 (112-bit security) or 3072-bit (128-bit
security) RSA modulus or curves with group order of 256-bits (128-bit security) RSA modulus or curves with group order of 256-bits (128-bit
security). SHAKE256 with 512-bits output length offers 256-bits of security). SHAKE256 with 512-bits output length offers 256-bits of
collision and preimage resistance. Thus, the SHAKE256 OIDs in this collision and preimage resistance. Thus, the SHAKE256 OIDs in this
specification are RECOMMENDED with 4096-bit RSA modulus or higher or specification are RECOMMENDED with 4096-bit RSA modulus or higher or
curves with group order of 521-bits (256-bit security) or higher. curves with group order of at least 521-bits (256-bit security).
Note that we recommended 4096-bit RSA because we would need 15360-bit Note that we recommended 4096-bit RSA because we would need 15360-bit
modulus for 256-bits of security which is impractical for today's modulus for 256-bits of security which is impractical for today's
technology. technology.
8. Acknowledgements 8. Acknowledgements
We would like to thank Sean Turner, Jim Schaad and Eric Rescorla for We would like to thank Sean Turner, Jim Schaad and Eric Rescorla for
their valuable contributions to this document. their valuable contributions to this document.
The authors would like to thank Russ Housley for his guidance and The authors would like to thank Russ Housley for his guidance and
 End of changes. 3 change blocks. 
2 lines changed or deleted 6 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/