RE: [pkcs11] Groups - Add descriptions for ECDSA SHA2 and SHA3 mechanism

All,

Browsing through the items for PKCS#11 V3.00, I missed any follow-up on Bob’s proposal for ECDSA-SHA mechanisms, and Daniel’s comments to this proposal. Looking at meeting minutes,

· Item #16 was on the agenda for the meeting May 10: “provide proposal for the proposed documentation content for header file items noted (Bob R)”

· Item #16 was on the agenda for the meeting May 24: “decided on option 3 to write more text”

· Bob provided a proposal on May 25

· Daniel commented on May 30

· And since the meeting of June 7, it has not anymore been on the agenda, nor have there been any further comments to Bob’s proposal or Daniel’s feedback

Or did I miss anything? If not, can we please bring item #16 back onto the agenda for the next meeting, and have additional comments (if any) by then?

My comments:

· Change CKM_ECDSA_SHA223 to CKM_ECDSA_SHA224 on page 2, last line

· Change CKM_ECDSA_SHA3_244 to CKM_ECDSA_SHA3_224 on page 3, line 4

· I support Daniel’s proposal to “compress” the many new sections into a single section.

Thanks,

Dieter

From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On Behalf Of Daniel Minder
Sent: Dienstag, 30. Mai 2017 11:48
To: Robert Relyea <rrelyea@redhat.com>; pkcs11@lists.oasis-open.org
Subject: RE: [pkcs11] Groups - Add descriptions for ECDSA SHA2 and SHA3 mechanisms. uploaded

Bob, all,

Last mail from myself for today…

In my opinion, the proposal is a bit chatty. Is it necessary to describe all 9 SHA mechanisms in separate sections although the text is always the same – except for the name of the mechanism? The current standard is not consistent here: For example, PKCS #1 RSA PSS signatures (sect. 2.1.17) does it in one section, DSA (sect. 2.2.12, 2.2.14 – 2.2.17) uses several sections.

So, similar to PKCS #1 RSA PSS, the following could be added to the “ECDSA with SHA-1” section (which needs to be renamed then) after the first paragraph:

“The ECDSA with SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, and SHA3-512 mechanisms denoted CKM_ECDSA_SHA224, CKM_ECDSA_SHA256, CKM_ECDSA_SHA384, CKM_ECDSA_SHA512, CKM_ECDSA_SHA3_224, CKM_ECDSA_SHA3_256, CKM_ECDSA_SHA3_384, and CKM_ECDSA_SHA3_512 respectively, perform the same operations using the SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, and SHA3-512 hash functions.”

And all other new sections are obsolete.

Best regards,

Daniel

From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On Behalf Of Robert Relyea
Sent: Donnerstag, 25. Mai 2017 00:49
To: pkcs11@lists.oasis-open.org
Subject: [pkcs11] Groups - Add descriptions for ECDSA SHA2 and SHA3 mechanisms. uploaded

Submitter's message
Here's the text to resolve issue #16.
-- Mr. Robert Relyea

Document Name: Add descriptions for ECDSA SHA2 and SHA3 mechanisms.

Description
Issue #16

Definitions of CKM_ECDSA_SHA224, CKM_ECDSA_SHA256, CKM_ECDSA_SHA384 and
CKM_ECDSA_SHA512 are completely new in v2.40e1 headers.
They were not present in any older version and currently are not described
in the docs.
This may be a leftover from v2.30 headers (see #2).

This is still an issue.
Option 1: remove CKM_ECDSA_SHA224, CKM_ECDSA_SHA256, CKM_ECDSA_SHA384 and
CKM_ECDSA_SHA512 from the header.
Option 2: Add definitions in the document for these mechanism.
Option 3: Option 2 plus add definitions for the SHA3 equivalents.
Recommendation: Option 3
Download Latest Revision
Public Download Link

Submitter: Mr. Robert Relyea
Group: OASIS PKCS 11 TC
Folder: Working Drafts
Date submitted: 2017-05-24 15:48:11

Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Malte Pollmann (Chairman) CEO, Dr. Frank J. Nellissen CFO

This communication is confidential. We only send and receive email on the basis of the terms set out at https://www.utimaco.com/en/e-mail-disclaimer/

pkcs11 message