| draft-ietf-lamps-pkix-shake-14.txt | draft-ietf-lamps-pkix-shake-15.txt | |||
|---|---|---|---|---|
| LAMPS WG P. Kampanakis | LAMPS WG P. Kampanakis | |||
| Internet-Draft Cisco Systems | Internet-Draft Cisco Systems | |||
| Updates: 3279 (if approved) Q. Dang | Updates: 3279 (if approved) Q. Dang | |||
| Intended status: Standards Track NIST | Intended status: Standards Track NIST | |||
| Expires: January 22, 2020 July 21, 2019 | Expires: January 22, 2020 July 21, 2019 | |||
| Internet X.509 Public Key Infrastructure: Additional Algorithm | Internet X.509 Public Key Infrastructure: Additional Algorithm | |||
| Identifiers for RSASSA-PSS and ECDSA using SHAKEs | Identifiers for RSASSA-PSS and ECDSA using SHAKEs | |||
| draft-ietf-lamps-pkix-shake-14 | draft-ietf-lamps-pkix-shake-15 | |||
| Abstract | Abstract | |||
| Digital signatures are used to sign messages, X.509 certificates and | Digital signatures are used to sign messages, X.509 certificates and | |||
| CRLs. This document updates the "Algorithms and Identifiers for the | CRLs. This document updates the "Algorithms and Identifiers for the | |||
| Internet X.509 Public Key Infrastructure Certificate and Certificate | Internet X.509 Public Key Infrastructure Certificate and Certificate | |||
| Revocation List Profile" (RFC3279) and describes the conventions for | Revocation List Profile" (RFC3279) and describes the conventions for | |||
| using the SHAKE function family in Internet X.509 certificates and | using the SHAKE function family in Internet X.509 certificates and | |||
| revocation lists as one-way hash functions with the RSA Probabilistic | revocation lists as one-way hash functions with the RSA Probabilistic | |||
| signature and ECDSA signature algorithms. The conventions for the | signature and ECDSA signature algorithms. The conventions for the | |||
| skipping to change at page 2, line 34 ¶ | skipping to change at page 2, line 34 ¶ | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 11 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 11 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 12 | 9.2. Informative References . . . . . . . . . . . . . . . . . 12 | |||
| Appendix A. ASN.1 module . . . . . . . . . . . . . . . . . . . . 13 | Appendix A. ASN.1 module . . . . . . . . . . . . . . . . . . . . 13 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 1. Change Log | 1. Change Log | |||
| [ EDNOTE: Remove this section before publication. ] | [ EDNOTE: Remove this section before publication. ] | |||
| o draft-ietf-lamps-pkix-shake-15: | ||||
| * Minor editorial nits. | ||||
| o draft-ietf-lamps-pkix-shake-14: | o draft-ietf-lamps-pkix-shake-14: | |||
| * Fixing error with incorrect preimage resistance bits for SHA128 | * Fixing error with incorrect preimage resistance bits for SHA128 | |||
| and SHA256. | and SHA256. | |||
| o draft-ietf-lamps-pkix-shake-13: | o draft-ietf-lamps-pkix-shake-13: | |||
| * Addressing one applicable comment from Dan M. about sec levels | * Addressing one applicable comment from Dan M. about sec levels | |||
| while in secdir review of draft-ietf-lamps-cms-shakes. | while in secdir review of draft-ietf-lamps-cms-shakes. | |||
| skipping to change at page 10, line 43 ¶ | skipping to change at page 10, line 43 ¶ | |||
| documents can be used as guides to choose appropriate key sizes for | documents can be used as guides to choose appropriate key sizes for | |||
| various security scenarios. | various security scenarios. | |||
| SHAKE128 with output length of 256-bits offers 128-bits of collision | SHAKE128 with output length of 256-bits offers 128-bits of collision | |||
| and preimage resistance. Thus, SHAKE128 OIDs in this specification | and preimage resistance. Thus, SHAKE128 OIDs in this specification | |||
| are RECOMMENDED with 2048 (112-bit security) or 3072-bit (128-bit | are RECOMMENDED with 2048 (112-bit security) or 3072-bit (128-bit | |||
| security) RSA modulus or curves with group order of 256-bits (128-bit | security) RSA modulus or curves with group order of 256-bits (128-bit | |||
| security). SHAKE256 with 512-bits output length offers 256-bits of | security). SHAKE256 with 512-bits output length offers 256-bits of | |||
| collision and preimage resistance. Thus, the SHAKE256 OIDs in this | collision and preimage resistance. Thus, the SHAKE256 OIDs in this | |||
| specification are RECOMMENDED with 4096-bit RSA modulus or higher or | specification are RECOMMENDED with 4096-bit RSA modulus or higher or | |||
| curves with group order of 521-bits (256-bit security) or higher. | curves with group order of at least 521-bits (256-bit security). | |||
| Note that we recommended 4096-bit RSA because we would need 15360-bit | Note that we recommended 4096-bit RSA because we would need 15360-bit | |||
| modulus for 256-bits of security which is impractical for today's | modulus for 256-bits of security which is impractical for today's | |||
| technology. | technology. | |||
| 8. Acknowledgements | 8. Acknowledgements | |||
| We would like to thank Sean Turner, Jim Schaad and Eric Rescorla for | We would like to thank Sean Turner, Jim Schaad and Eric Rescorla for | |||
| their valuable contributions to this document. | their valuable contributions to this document. | |||
| The authors would like to thank Russ Housley for his guidance and | The authors would like to thank Russ Housley for his guidance and | |||
| End of changes. 3 change blocks. | ||||
| 2 lines changed or deleted | 6 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||