[cabfpub] Updated Agenda for F2F Meeting 33
erwann.abalea at opentrust.com
Mon Sep 15 06:51:32 MST 2014
On 15/09/2014 13:16, Håvard Molland wrote:
> On 15. sep. 2014 11:15, Erwann Abalea wrote:
>> It would be hard to discuss SM2/SM3 at CABForum level when
>> there's so little analysis and so few publications of these algorithms.
>> SM2 seems to be a set of asymmetric cryptographic primitives working
>> on ECC, providing signature, key exchange, and encipherment
>> functions; respectively similar to ECDSA, ECDH, and maybe ECIES?
>> There's also a new 256-bit prime curve.
>> SM3 is a hash function, MD design, similar to SHA256 with a few
>> What could be discussed at CABF level:
>> - adoption of the new curve, can it be used with ECDSA to sign
>> certificates/CRLs/OCSP? (then we should also talk about Brainpool
>> family, ANSSI FRP256v1, Curve25519, and others)
>> - adoption of SM3 in signatures, with ECDSA? That's a more difficult
>> question, we don't yet agree on what to do with SHA1, there's
>> little to no analysis of SM3. The team behind SM3 includes some people
>> involved in the end of MD4/MD5/RIPEMD in 2004/2005, I guess they know
>> what they're doing, but the algo still needs to be challenged. If we
>> talk about SM3, we might as well talk about GOST R34.11-94, GOST
>> R34.11-2012, and maybe a lot of others...
>> - adoption of SM2 in signature mode (SM2 part 2)? On which curve,
>> with which hash algorithm? An even more difficult question; there's
>> more info about EC-Schnorr or EdDSA than there is about SM2. Again,
>> other algorithms such as GOST R34.10-2001 or GOST R34.10-2012 might
>> as well be discussed, and maybe ECKCDSA (Korean) or ECGDSA (German)
> Any new algorithm should offer improvements on the existing
> algorithms, such as improved security, new security features or speed.
> I'm not sure we should add new algorithms simply for the sake of being
I agree, that's what SHOULD drive the inclusion of algorithms or
parameters. Based on that, the CABF SHOULD NOT discuss approval of
these new things (not yet).
Others MAY think differently, such as Russia, where GOST-approved
algorithms are mandatory. And we DO see GOST-approved hash algorithms
used in OCSP requests (to produce the issuerNameHash and issuerKeyHash).
What if China mandates the use of their own algorithms?