[cabfpub] Updated Agenda for F2F Meeting 33

Håvard Molland haavardm at opera.com
Mon Sep 15 08:08:52 MST 2014 

On 15. sep. 2014 15:51, Erwann Abalea wrote:
> Le 15/09/2014 13:16, Håvard Molland a écrit :
>> On 15. sep. 2014 11:15, Erwann Abalea wrote:
>>> It would be hard to discuss about SM2/SM3 at CABForum level when 
>>> there's so few analysis and publications of these algorithms.
>>>
>>> SM2 seems to be a set of asymetric cryptographic primitives working 
>>> on ECC, providing signature, key exchange, and encipherment 
>>> functions; respectively similar to ECDSA, ECDH, and maybe ECIES?. 
>>> There's also a new 256bits prime curve.
>>> SM3 is a hash function, MD design, similar to SHA256 with a few 
>>> modifications.
>>>
>>> What could be discussed at CABF level:
>>>  - adoption of the new curve, can it be used with ECDSA to sign 
>>> certificates/CRLs/OCSP? (then we should also talk about Brainpool 
>>> family, ANSSI FRP256v1, Curve25519, and others)
>>>  - adoption of SM3 in signatures, with ECDSA? That's a more 
>>> difficult question, we don't already agree on what to do with SHA1, 
>>> there's little to no analysis of SM3. The team behind SM3 include 
>>> some people involved in the end of MD4/MD5/RIPEMD in 2004/2005, I 
>>> guess they know what they're doing, but the algo still needs to be 
>>> challenged. If we talk about SM3, we might as well talk about GOST 
>>> R34.11-94, GOST R34.11-2012, and maybe a lot of others...
>>>  - adoption of SM2 in signature mode (SM2 part 2)? On which curve, 
>>> with which hash algorithm? An even more difficult question; there's 
>>> more info about EC-Schnorr or EdDSA than there's about SM2. Again, 
>>> other algorithms such as GOST R34.10-2001 or GOST R34.10-2012 might 
>>> as well be discussed, and maybe ECKCDSA (Korean) or ECGDSA (German)
>>
>> Any new algorithm should offer improvements on the existing 
>> algorithms, such as improved security, new security features or 
>> speed. I'm not sure we should add new algorithms simply for the sake 
>> of being alternatives.
>
> I agree, that's what SHOULD drive the inclusion of algorithms or 
> parameters. Based on that, the CABF SHOULD NOT discuss about approval 
> of these new things (not yet) 
>
> Others MAY think differently, such as Russia, where GOST-approved 
> algorithms are mandatory
You mean it's mandatory for servers to offer GOST? Surely they can't 
demand browser support?

> . And we DO see GOST-approved hash algorithms used in OCSP requests 
> (to produce the issuerNameHash and issuerKeyHash). Now.
>
> What if China mandates the use of their own algorithms?
If every regime wants their own ciphers, it will be impossible to 
manage. Instead of adding a new cipher suit per country/regime, the list 
should consist of relatively few ciphers everyone could agree on. 
Hopefully the current ciphers would be such a list, although it might be 
a bit US centric.  This discussion is a bit to big for CA/B forum alone 
though.


>
> -- 
> Erwann ABALEA
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public


-- 
---
Opera Software

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140915/80dc4646/attachment.html

More information about the Public mailing list