[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pkcs11] Proposal: CKM_DSA_FIPS_186_4
Oscar, Thanks for picking up the FIPS 186-4 update. Definitely worth while considering this for the most recent update, as it appears that 186-3 has come and gone since PKCS #11 2.20 without any P11 doc updates. The previous versions of P11 referred to FIPS 186-2 throughout the document. It was the definition of DSA (Section 4 of v2.20 spec), the basis for CKM_DSA, (Section 12.2.7), and CKM_DSA_SHA1 (Section 12.2.8). So, we are in the current situation where the proposed OASIS spec references 186-2 for DSA mechanisms (only), and has no updated references for 186-3, or now 186-4. So it seems that the FIPS 186-4 release needs a bit more careful consideration for specification update rather than adding a new mechanisms. Specifically, how DSA itself is defined, whether or not the previous CKM_DSA*** mechanisms are compatible with 186-4, and how to handle it if they are not. My recommendation is as follows: 1) Update the DSA definition/reference to correspond to FIPS 186-4 2) Investigate the difference between how 186-2 and 186-4 defines and describes the DSA mechanisms. 3) For those mechanisms which are compatible, update the mechanism/parameter descriptions to indicate the versions of specification compatibility, (e.g. "based on the Digital Signature Algorithm defined in FIPS PUB 186-2 through FIPS PUB 186-4." -- or similar). 4) For those mechanisms which are NOT compatible, then we have to consider defining the legacy mechanisms as compatible with a specific version only, and then introduce new mechanism enumerations which match the latest specification. By the by, FIPS 186-4 consists of primarily editorial and clarification updates so is largely (e.g. functionally) compatible with FIPS 186-3, for what it's worth. I will respond with my analysis corresponding to #2 above, but would still like a second set of eyes on it to corroborate. Thanks, Bob P.S. Your recommendation limits the magnitude of 'p' to 1024 bits, but FIPS 186-3/4 allow 'p' to be 1024, 2048, or 3072 -- it might also be important to note that the magnitude of 'N' (magnitude of q, x, and k -- the length of the input hash) can be 160, 224, or 256 -- so if we're thinking of having any sort of profile describing FIPS 186 compatibility, we should consider both the magnitude of 'p', as well as 'N'. P.P.S. I happened to notice we're in the same situation for the SHA standard, FIPS 180-4 which replaced FIPS 180-3 -- and sometime in the near future will be replaced with FIPS 180-5 to cover SHA3 mechanisms. Although, I suspect these should be easier to handle given they are directly compatible. > -----Original Message----- > From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On > Behalf Of Oscar K So Jr. > Sent: Wednesday, July 31, 2013 5:14 PM > To: pkcs11@lists.oasis-open.org > Subject: [pkcs11] Proposal: CKM_DSA_FIPS_186_4 > > Proposal: CKM_DSA_FIPS_186_4 > > FIPS-186-4 algorithms: > http://www.ofr.gov/OFRUpload/OFRData/2013-17396_PI.pdf > > This mechanism is equivalent to: CKM_DSA > > -- > > Best, > Oscar
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]