[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pkcs11] Comments from Darren J (repost)
Tony, all, These comments have all been solved since they were about the Edwards/Montgomery curves and we discussed this during the F2F. The result is included in latest base and mech working draft
â see upload mails of March 26 (https://lists.oasis-open.org/archives/pkcs11/201903/msg00014.html
and
https://lists.oasis-open.org/archives/pkcs11/201903/msg00015.html). No comments so far.
What has not been discussed are Darrenâs comments to the
mechanisms specific (upload mail
https://lists.oasis-open.org/archives/pkcs11/201902/msg00001.html). There was a short discussion between Darren and myself (https://lists.oasis-open.org/archives/pkcs11/201902/msg00006.html
and
https://lists.oasis-open.org/archives/pkcs11/201902/msg00007.html) but no TC agreement. Regards, Daniel From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org>
On Behalf Of Tony Cox Hi folks, At our last meeting I undertook to re-post the last round of comments from Darren Johnson. Please find them below: 1. Was it intentional not to include CKF_EC_CURVENAME in Table 34? Although we mention this flag later on in the text, it's neither defined in the header files nor used anywhere
else. [DJ] No, I donât think it was intentionally left out. The last three versions of the proposal included CKF_EC_CURVENAME. I think we just missed it
during the editorial phase. 2. RFC 8410 now defines four OIDs for Ed25519, Ed448, X25519 and X448. Note that this not only denotes the curve but also the algorithm. This was a conscious decision (see e.g.
https://mailarchive.ietf.org/arch/msg/curdle/OL3Y4ohwleOukV8CMkE9kgrFPZg). Our WD08 refers to "a curve name as defined in RFC 8032" and gives as example "Edwards25519". (The same holds for Montgomery curves, but no example is given.) Thus, it does not make
the distinction between the different algorithms. Instead, the CKM_EDDSA mechanism gets a parameter that specifies the algorithm. 2a. Shall we keep this approach? 2b. Shall be also allow to use the four OIDs defined in RFC 8410 to identify a curve? Then, the mechanism would be restricted to the "Pure" version and no mechanism parameter is
allowed. These OIDs are more inline with my other proposal where key+params+alg are 3. There is the Extended Triple Diffie-Hellman algorithm working on Montgomery curves, but I'm missing the "normal" ECDH mechanism working on curve25519/curve448 as described in
RFC 7748 section 6. Or shall CKM_ECDH1_DERIVE with KDF_NULL and empty sharedData be used? Or better introduce a new mechanism? [DJ] In the proposal, a small table was added to section 2.3.17 and 2.3.18, which defined the key types supported for CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE.
The table listed both CKK_EC and CKK_EC_MONTGOMERY. The intent was that those tables would show that the existing ECDH mechanisms could be used with the Montgomery curves. Maybe we need more information than just the tables? Or a new mechanism as you suggest? Those tables were not added to the working draft. 4. For the non-prehashed EdDSA variants the message needs to be processed twice by the function. Therefore,
they are single-shot and cannot be used with update/final. Shall we mention this explicitly and agree on an error code? [DJ] Is single-part vs multi-part something the spec should be dictating? I know it does today. But for the most part, the question of single-part vs multi-part really comes down to a specific implementations
complexity and resource constraints. Would it make sense to introduce some mechanism flags to let vendors define if each mechanism supports single-part or multi-part (or both) calling conventions?
Best Regards, Utimaco IS GmbH Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com Seat: Aachen â Registergericht Aachen HRB 18922 VAT ID No.: DE 815 496 496 Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Dr. Frank J. Nellissen CFO This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]