<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 15. sep. 2014 11:15, Erwann Abalea
wrote:<br>
</div>
<blockquote cite="mid:5416AE20.4070105@opentrust.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix">It would be hard to discuss
SM2/SM3 at CABForum level when there are so few analyses and
publications of these algorithms.<br>
<br>
SM2 seems to be a set of asymmetric cryptographic primitives
working on ECC, providing signature, key exchange, and
encipherment functions; respectively similar to ECDSA, ECDH, and
maybe ECIES? There's also a new 256-bit prime curve.<br>
SM3 is a hash function, MD design, similar to SHA256 with a few
modifications.<br>
<br>
What could be discussed at CABF level:<br>
- adoption of the new curve, can it be used with ECDSA to sign
certificates/CRLs/OCSP? (then we should also talk about
Brainpool family, ANSSI FRP256v1, Curve25519, and others)<br>
- adoption of SM3 in signatures, with ECDSA? That's a more
difficult question, we don't already agree on what to do with
SHA1, there's little to no analysis of SM3. The team behind SM3
includes some people involved in the end of MD4/MD5/RIPEMD in
2004/2005, I guess they know what they're doing, but the algo
still needs to be challenged. If we talk about SM3, we might as
well talk about GOST R34.11-94, GOST R34.11-2012, and maybe a
lot of others...<br>
- adoption of SM2 in signature mode (SM2 part 2)? On which
curve, with which hash algorithm? An even more difficult
question; there's more info about EC-Schnorr or EdDSA than
there is about SM2. Again, other algorithms such as GOST
R34.10-2001 or GOST R34.10-2012 might as well be discussed, and
maybe ECKCDSA (Korean) or ECGDSA (German)<br>
</div>
</blockquote>
<br>
Any new algorithm should offer improvements on the existing
algorithms, such as improved security, new security features or
speed. I'm not sure we should add new algorithms simply for the sake
of being alternatives.<br>
<br>
Håvard<br>
<br>
<br>
<blockquote cite="mid:5416AE20.4070105@opentrust.com" type="cite">
<div class="moz-cite-prefix"> <br>
Before their eventual adoption, all these algorithms need to
be described in English, challenged, correctly parameterized
(unlike the GOST-* things), and identified (OIDs). Adoption is
far away in this process.<br>
<br>
Looking for OIDs led me to <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://wenku.baidu.com/view/12cb9bc608a1284ac8504318.html">http://wenku.baidu.com/view/12cb9bc608a1284ac8504318.html</a><br>
Does someone in China really use 1.2.156.197.1.310 for RSA, or
1.2.156.197.1.411 for SHA256?<br>
<br>
<pre class="moz-signature" cols="72">--
Erwann ABALEA
</pre>
On 12/09/2014 11:41, Richard@WoSign wrote:<br>
</div>
<blockquote
cite="mid:84AFFBBCB7046F44B89AAD7AC09C4A061530E480@ex2.corp.wosign.com"
type="cite">
<pre wrap="">Yes, this is my topic. SM2 is a China standard algorithm and is planned for
adoption in China. It is a kind of asymmetric cryptographic algorithm which is
based on elliptic curve cryptography (ECC).
I sent an email to Ben that maybe we need to cancel this topic since I can't find
an SM2 specialist to make the speech in the meeting in English. If someone
is still interested, I can talk some, a little.
And I wish Firefox could support this algorithm; we can do the coding work
for NSS, and we can talk about this privately.
Best Regards,
Richard
-----Original Message-----
From: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a moz-do-not-send="true" class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] On
Behalf Of Gervase Markham
Sent: Friday, September 12, 2014 5:33 PM
To: Ben Wilson; CABFPub
Subject: Re: [cabfpub] Updated Agenda for F2F Meeting 33
On 11/09/14 20:41, Ben Wilson wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Here is the updated agenda. Please let me know if you have any
corrections that need to be made.
</pre>
</blockquote>
<pre wrap="">Can someone explain the "Discussion of SM2 Algorithm" item? What are we
discussing about it? Its technical features and security properties?
When and if browsers and other clients are going to support it? Or something
else?
Gerv
_______________________________________________
Public mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
<br>
</blockquote>
<br>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
---
Opera Software</pre>
</body>
</html>