IANA has already assigned the value 0x0708 with the name "sm2sig_sm3" to the "TLS SignatureScheme" registry and value 41 with the name "curveSM2" to the "TLS Supported Groups" registry according to RFC8998 (https://www.rfc-editor.org/rfc/rfc8998.html#name-iana-considerations). These two both use SM2 as the digital signature algorithm.
And in RFC8998, there are some references in (<https://www.rfc-editor.org/rfc/rfc8998.html#name-informative-references>https://www.rfc-editor.org/rfc/rfc8998.html#name-normative-references) like the SM2 English language version (ISO-SM2). And in https://www.rfc-editor.org/rfc/rfc8998.html#name-informative-references, there are some references to Chinese Cryptography Standardization Technical Committee documents like GM/T.0009-2012, which are Chinese language specifications. As described above, there is already an English language specification as ISO-SM2, IANA allowed Chinese language specifications, and CurveSM2 and sm2sig_sm3 had already been registered in https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml. So I think it's enough to register SM2 Digital Signature Algorithm in the IANA COSE Algorithms registry.

Thanks a lot.

________________________________
From: lgl island-resort.com <[email protected]>
Sent: June 29, 2023 1:57:08
To: Roman Danyliw
Cc: Russ Housley; 张志磊; [email protected]
Subject: Re: [COSE] how to add SM2 Digital Signature Algorithm

In addition to Roman’s comments…

I don’t think “specification required” registration requires the specification to be published by the IETF. If there’s an English language publication, perhaps by the Chinese Academy of Science, or Chinese language specifications are allowed by IANA, no RFC be needed at all. The IANA registration might be able to reference a Chinese Academy of Science document.

Note also that RFC 8391 (HPKE) and such are NOT IETF standards. They are published as informational RFCs. (It seems crypto published by the IETF is information, but protocols that rely on crypto are often standards track).

You may prefer to publish SM2 as an Information RFC through the IETF because that brings it some weight and distribution.
On the other hand if you want to get this done as fast and easy, maybe the Chinese Academy of Science publish SM2 in English and you do a “specification required” registration with IANA (which doesn’t require an RFC).

Roman, maybe confirm that I got this right.

LL

On Jun 28, 2023, at 7:52 AM, Roman Danyliw <[email protected]> wrote:

Hi!

In my view, there is a bit of nuance to it being a straightforward publication path.

To reuse the pattern of the cited examples of RFC5832, 7091, 8032, 8391, and 8554, these cryptographic algorithms are specified by the IRTF or ISE stream, not the IETF stream. If I understand draft-shen-sm2-ecdsa correctly, to follow the pattern, it should explore which one of these non-IETF streams to publish on. We typically wouldn’t publish any crypto algorithm in the IETF stream (and it isn’t in-scope for COSE to do so).

To the question of what to do with a hypothetical, “very short standards-track RFC that says how to use SM2 with COSE”, that’s one very particular route. The Algorithms registry provides a wide array of options:

Integer values from -65536 to -257: Specification Required
Integer values between -256 and 255: Standards Action With Expert Review
Integer values from 256 to 65535: Specification Required
Integer values greater than 65535: Expert Review

Using the option of “very short standards-track RFC that says how to use SM2 with COSE”, could meet the bar for an “Integer values between -256 and 255”, but it couldn’t be done in the COSE WG unless CFRG publishes draft-shen-sm2-ecdsa or there is a re-charter. Per the charter:

==[ snip ]==
The WG will evaluate, and potentially adopt, documents dealing with algorithms that would fit the criteria of being IETF consensus algorithms. Potential candidates would include those algorithms that have been evaluated by the CFRG and algorithms which have gone through a public review and evaluation process such as was done for the NIST SHA-3 algorithms.
Potential candidates would not include national-standards-based algorithms that have not gone through a similar public review process.
==[ snip ]==

If shopped to another WG, it would need to surmount the same challenges of the IETF conducting a security analysis of a national crypto algorithm.

If published in another stream, this would meet the “Specification Required” bar.

Roman

From: COSE <[email protected]> On Behalf Of Russ Housley
Sent: Wednesday, June 28, 2023 10:02 AM
To: 张志磊 <[email protected]>
Cc: [email protected]
Subject: Re: [COSE] how to add SM2 Digital Signature Algorithm

It would seem very straightforward to progress draft-shen-sm2-ecdsa as an Information RFC, and then write a very short standards-track RFC that says how to use SM2 with COSE. It would look similar to RFC 8778.

Russ

P.S. I encourage you to also write a short standards-track RFC about the use of SM2 with PKIX. It would look similar to RFC 8410.

I encourage you to also write a short standards-track RFC about the use of SM2 with CMS. It would look similar to RFC 8708.

On Jun 28, 2023, at 9:00 AM, 张志磊 <[email protected]> wrote:

Thanks for your reply.

There is already a draft (https://datatracker.ietf.org/doc/html/draft-shen-sm2-ecdsa-02) that explains the algorithm, and some crypto projects like the Linux kernel, OpenSSL, and libgcrypt have implemented the SM2 Digital Signature Algorithm. IANA has assigned the value 0x0708 with the name "sm2sig_sm3" to the "TLS SignatureScheme" registry and IANA has assigned the value 41 with the name "curveSM2" to the "TLS Supported Groups" registry according to RFC8998 (https://www.rfc-editor.org/rfc/rfc8998.html#name-iana-considerations).

Is it enough to register SM2 Digital Signature Algorithm? Hope for your reply.

Thanks a lot.
________________________________
From: Russ Housley <[email protected]>
Sent: June 28, 2023 20:39:38
To: 张志磊
Cc: [email protected]
Subject: Re: [COSE] how to add SM2 Digital Signature Algorithm

I support the registration of the SM2 Digital Signature Algorithm.

It would be very helpful to implementers if there was an Information RFC that explains the algorithm. This has been done for many other signature algorithms:

RFC 2437 - PKCS #1: RSA Cryptography Specifications (Version 2.0).
RFC 3447 - PKCS #1: RSA Cryptography Specifications (Version 2.1).
RFC 5832 - GOST R 34.10-2001 Digital Signature Algorithm.
RFC 7091 - GOST R 34.10-2012 Digital Signature Algorithm.
RFC 8017 - PKCS #1: RSA Cryptography Specifications (Version 2.2).
RFC 8032 - Edwards-Curve Digital Signature Algorithm (EdDSA).
RFC 8391 - XMSS: eXtended Merkle Signature Scheme.
RFC 8554 - Leighton-Micali Hash-Based Signatures.

Russ

On Jun 28, 2023, at 5:28 AM, 张志磊 <[email protected]> wrote:

As discussed in https://github.com/w3c/webauthn/issues/1783, if we want to support SM2 in webauthn, we should register SM2 Digital Signature Algorithm in the IANA COSE Algorithms registry first.

Please help me to find any way to register SM2 Digital Signature Algorithm in the IANA COSE Algorithms registry.

Thanks a lot.

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
