I am not sure that I completely agree with that. First adding SHAKE other than as a hash function would mean that this is not a standalone hash algorithm document. Second, I am not sure at this point of all of the different varieties and locations where SHAKE should be added.
Hash Functions: Do we have just the two versions or do we have a truncated 64-bit version as well. Not sure about where the variant that had a small b would fall in here, but for now it might just be ignored. Signature Algorithms: At this point I don't know if there would need to be any RSA versions or not. Not sure what to say about DH versions. ECDSA maybe makes some sense. Message Authentication Algorithms: Do we put in a KMAC here or not? Key Derivation Functions: Do we just do HMAC with a KMAC drop in here or does NIST have a different recommended way to do KDF with SHAKE functions? We should definitely be able to get rid of HMAC when doing this as SHAKE already has length extension attacks solved. Key Agreement Functions: Since you need to have a combined key agreement algorithm and KDF for COSE, how many of these are we going to define. Encryption and Key Wrap algorithms: I sorta hope that this can be avoided for now, but I know that there are some AEAD algorithms which are built using Keccak as an underlying primitive and I am not personally ready to try and figure out how it works, but it is something that might need to be discussed here (and in CFRG). Given that the object is to get the hash algorithm assignments done for the SUIT developers, I am not sure that doing this work in this document makes sense. I will also note that the CMS work in LAMPS and CURDLE ignored the issues of new KDFs w/ SHAKE entirely so that maybe groundbreaking work here. Jim > -----Original Message----- > From: Russ Housley <[email protected]> > Sent: Tuesday, February 26, 2019 7:04 AM > To: Jim Schaad <[email protected]> > Cc: cose <[email protected]> > Subject: Re: [COSE] Call for Consensus: Standalone Hash Algorithms > Document > > Jim: > > It would probably be easy to add SHAKE now. The equivalent document for > CMS is draft-ietf-lamps-cms-shakes. > > Russ > > > > On Feb 25, 2019, at 7:38 PM, Jim Schaad <[email protected]> wrote: > > > > A version of what this document would look like can be found here > > https://tools.ietf.org/html/draft-schaad-cose-hash-algs-01 > > > > Jim > > > > > >> -----Original Message----- > >> From: COSE <[email protected]> On Behalf Of Matthew A. Miller > >> Sent: Monday, February 25, 2019 4:16 PM > >> To: cose <[email protected]> > >> Subject: [COSE] Call for Consensus: Standalone Hash Algorithms > >> Document > >> > >> This messages starts a call for consensus to separate the COSE hash > >> algorithms into a separate document, ending on 2018-03-10. > >> > >> In the virtual interim on 02-15, it was proposed to separate them > >> from draft- ietf-cose-x509, to allow the hash algorithm registrations > >> to stabilize more quickly than the rest of the X.509 draft. If the > >> working group agrees with separating the algorithms, then a document > >> will be published that consists of Section 4 (Hash Algorithm > >> Identifiers) and Section 5.3 (COSE Algorithm > >> Registry) from draft-ietf-cose-x509. > >> > >> Please respond with whether or not you support separating the hash > >> algorithms into a separate document. If you do not support this, > >> please indicate why not. > >> > >> > >> - Ivaylo and Matthew > >> COSE Chairs > > > > > > _______________________________________________ > > COSE mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/cose _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
