OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] Agenda Item: TLS mechanisms for ECDH-type cipher suites

On 09/10/2014 01:52 PM, Dina Kurktchi wrote:
Hi all,

I'd like to request an agenda item for the next meeting
to discuss adding some new mechanisms in support of other
cipher suites beyond simply 'original' and 'DH' types,
for example:

We're seeing some confusion in consumers of our PKCS#11
implementation about which to use for ECDH type cipher

It looks like some have chosen the 'original' to derive
master keys because of the "fixed-length" phrase in
PKCS#11 description.  Then others have chosen the 'DH'
type because ECDH is DH-ish, if you will.  In those cases,
we have run afoul of a strip-leading-zeroes problem in
some implementations of DH.

The inclination is to create a new family of TLS mechanisms
specifically for ECDH, to avoid the guessing, such as:
No, We shouldn't do that. CKM_TLS_MASTER_KEY_DERIVE_DH was created because of differing interpretations about what it means to derive a DH key.

Unforunately the same issue was mirrored in ECDH implementations. A CKM_TLS_MASTER_KEY_DERIVE_ECDH would be identical to CKM_TLS_MASTER_KEY_DERIVE_DH. You can verify this by checking interoperability against openssl or Microsoft.

In an ideal world there would only be one. We probably should be more specific in the spec.

I'd like solicit the group's thoughts on this.  Please
feel free to reply and share your opinions.  We can
discuss at next meeting possibly.


To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at:

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]