Re: [pkcs11] Proposal: CKM_SHA512_224, CKM_SHA512_256, CKM_SHA512_T

[Michael StJohns <msj@nthpermutation.com>]

I took a look at this.  I don't have a problem with the general addition of SHA512/224 and SHA512/256 to the pot, but I think I'm still not happy (as previously discussed) with adding a set of mechanism types that does nothing but truncate the result of the other mechanisms.

I note also that this proposal has new key types CKK_SHA512_224_HMAC et al - I think I agree with this, but did we actually agree to do these changes with 2.40?  (E.g. adding mechanism specific typing for keys?)  I was under the impression that it was a substantial enough change that affected a lot of things that it was deferred to 3.0.

If this goes to ballot for 2.40, I'd like it to be a split ballot with yes/no for the two different groups of mechanisms. 

I'm not sure what to do about the new CKK_ stuff.

Mike


On 8/2/2013 7:12 PM, Dina Kurktchi wrote:

Proposal: CKM_SHA512_224, CKM_SHA512_256, CKM_SHA512_T


Addition of new hash algorithms defined in FIPS 180-4:
SHA-512/224, SHA-512/256, and general case SHA-512/t.

FIPS PUB 180-4, "Secure Hash Standard (SHS)", March 2012
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=910977


The text attached can be inserted immediately after what
is now section 2.21 in "PKCS #11 Cryptographic Token
Interface Current Mechanisms Specification Version 2.40".
The general case SHA-512/t is included for completeness.

This proposal is independent of Robert Burns' "Proposal:
Update references to FIPS PUB 180".  The two ought to be
complementary though.


Thanks,
D.

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that 
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php