[auth48] Re: AUTH48: RFC-to-be 9563 for your review

[Independent Submissions Editor (Eliot Lear) via auth48archive]

Approved.

On 27.11.2024 04:14, Sandy Ginoza wrote:

Hi Authors and Eliot,

Cathy, thank you for your efforts to get the references translated and posted.  
We have updated the references.  Please see the revised files here:
    https://www.rfc-editor.org/authors/rfc9563.xml
    https://www.rfc-editor.org/authors/rfc9563.txt
    https://www.rfc-editor.org/authors/rfc9563.pdf
    https://www.rfc-editor.org/authors/rfc9563.html

Diffs showing the most recent updates only:
    https://www.rfc-editor.org/authors/rfc9563-lastdiff.html
    https://www.rfc-editor.org/authors/rfc9563-lastrfcdiff.html (side by side)

AUTH48 diff:
    https://www.rfc-editor.org/authors/rfc9563-auth48diff.html

Comprehensive diffs:
    https://www.rfc-editor.org/authors/rfc9563-diff.html
    https://www.rfc-editor.org/authors/rfc9563-rfcdiff.html (side by side)

Authors, please review the files above and let us know if any additional 
updates are needed or if you approve the RFC for publication.

Eliot, please let us know when/if this document is ready for publication.

Thank you,
RFC Editor/sg

On Nov 19, 2024, at 4:41 AM, Independent Submissions Editor (Eliot 
Lear)<rfc-...@rfc-editor.org> wrote:

Hi Cathy,

This looks pretty good.  RFC Editor, can you update the AUTH48 document to 
include these URLs?

Eliot

On 18.11.2024 08:54, zhangcuiling wrote:

Hi Sandy and Eliot,

CSTC has uploaded the translated standards, and the links are as follows:

GMT-0003.1
SM2 Public Key Cryptographic Algorithms Based on Elliptic Curves Part 1: General
http://www.gmbz.org.cn/upload/2024-11-18/1731899501687024253.pdf

GMT-0003.2
SM2 Public Key Cryptographic Algorithms Based on Elliptic Curves Part 2: 
Digital Signature Algorithm
http://www.gmbz.org.cn/upload/2024-11-18/1731899583359013934.pdf

GMT-0004
SM3 Cryptographic Hash Algorithm
http://www.gmbz.org.cn/upload/2024-11-18/1731899426565012428.pdf

And [GBT-32918.1-2016], [GBT-32918.2-2016] and [GBT-32905-2016] could be removed from 
"9.1. Normative References" list.

Thanks a lot for your patience.

Best regards,
Cathy

From: Independent Submissions Editor (Eliot Lear)

Date: 2024-10-22 23:15
To: zhangcuiling; Sandy Ginoza
CC: rfc-editor; 刘昱琨; lengfeng; zhaoqi; hezh; Alexis Rossi; auth48archive
Subject: Re: AUTH48: RFC-to-be 9563 <draft-cuiling-dnsop-sm2-alg-15> for your 
review
Thank you, Cathy.  We await your update.



Eliot



On 22.10.2024 11:00, zhangcuiling wrote:

Hi Sandy and Eliot,

I've checked with CSTC about the progress again.
The translated standards need a final confirmation review, which probably will 
be held in two weeks.
The standards will be published onhttp://gmbz.org.cn shortly after the meeting.
I'll submit the links as soon as possible.
Sorry for the long wait and thanks for your patience.

Regards,

Cathy

From: Independent Submissions Editor (Eliot Lear)

Date: 2024-10-22 14:34
To: Sandy Ginoza
CC: zhangcuiling; RFC Editor; 刘昱琨; lengfeng; zhaoqi; hezh; Alexis Rossi; 
auth48archive
Subject: Re: AUTH48: RFC-to-be 9563 <draft-cuiling-dnsop-sm2-alg-15> for your 
review
Hi Sandy,

I am waiting for those references as well.

Eliot

On 22.10.2024 01:13, Sandy Ginoza wrote:

Hi Eliot and Cathy,
We’re checking the status of this document.  Are any updates required?
Cathy, please let us know when and where the referenced translations are 
available.
Thanks,
RFC Editor/sg

On Sep 20, 2024, at 4:05 AM, Independent Submissions Editor (Eliot 
Lear)<rfc-...@rfc-editor.org>
  wrote:
Ok.  Thank you, Cathy.
Sandy, I intend to send a note to SAAG about this draft on Monday.  Please HOLD 
for publication for now but I expect to sign off by later next week.
Regards,
Eliot
On 20.09.2024 12:47, zhangcuiling wrote:

Hi Sandy,
Thanks for your work.
And no objection to the suggestions.
Regards,
Cathy

From: Independent Submissions Editor (Eliot Lear)

Date: 2024-09-20 15:28
To: Sandy Ginoza; zhangcuiling
CC: RFC Editor; 刘昱琨; lengfeng; zhaoqi; hezh; Alexis Rossi; auth48archive
Subject: Re: AUTH48: RFC-to-be 9563 <draft-cuiling-dnsop-sm2-alg-15> for your 
review
Sandy,
Thank you.  Cathy, please respond with your concurrence or proposed edits.
Eliot
On 19.09.2024 23:28, Sandy Ginoza wrote:

Hi all,
We have updated the document as described.  However, we have a couple of 
followup questions.
1) Use of “as well as” makes it sound as though the national standards for 
China and the ISO/IEC standards are different.  We think the intent is to say 
that this specification uses SM cryptographic algorithms, which are national 
standards for China and are used in ISO/IEC standards.  If this is correct, 
please consider the following update:
Current:
    It makes use of cryptographic algorithms that
    are national standards for China, as well as ISO/IEC standards (ISO/
    IEC 14888:3-2018 [ISO-IEC14888-3_2018] and ISO/IEC 10118:3-2018
    [ISO-IEC10118-3_2018]).
Perhaps:
    It makes use of SM cryptographic algorithms, which
    are national standards for China and are used in ISO/IEC standards
    (ISO/IEC 14888:3-2018 [ISO-IEC14888-3_2018] and ISO/IEC 10118:3-2018
    [ISO-IEC10118-3_2018]).
2) With the addition of the following text, we have included an informative 
reference to RFC 6840.  Please let us know if it should be normative instead.
    Many implementations may not support SM2 signatures and SM3 digests.
    Section 5.2 of [RFC6840] specifies handling of answers in such cases.
Diffs of the recent updates only:

https://www.rfc-editor.org/authors/rfc9563-lastdiff.html

https://www.rfc-editor.org/authors/rfc9563-lastrfcdiff.html

Comprehensive diffs:

https://www.rfc-editor.org/authors/rfc9563-diff.html

https://www.rfc-editor.org/authors/rfc9563-rfcdiff.html

AUTH48 diff:

https://www.rfc-editor.org/authors/rfc9563-auth48diff.html

Thanks,
RFC Editor/sg

On Sep 12, 2024, at 2:21 AM, zhangcuiling<zhangcuil...@cnnic.cn>

  wrote:
Hi Eliot,
Thanks for your reminding.
Hi Sandy,
Please kindly add two new paragraphs to Introduction section.

Many implementations may not support SM2 signatures and SM3 digests.  RFC 6840 
Section 5.2 specifies handling of answers in such cases.
Caution: This specification is not a standard and does not have IETF community 
consensus. It makes use of cryptographic algorithms that are national standards 
for China, as well as ISO/IEC standards (ISO/IEC 14888:3-2018 and ISO/IEC 
10118:3-2018). Neither the IETF nor the IRTF has analyzed that algorithm for 
suitability for any given application, and it may contain either intended or 
unintended weaknesses.

Thanks a lot.
Regards,
Cathy
From: Independent Submissions Editor (Eliot Lear)
Date: 2024-09-11 18:01
To: zhangcuiling; Sandy Ginoza
CC: rfc-editor; 刘昱琨; lengfeng; zhaoqi; hezh; Alexis Rossi; auth48archive
Subject: Re: AUTH48: RFC-to-be 9563 <draft-cuiling-dnsop-sm2-alg-15> for your 
review
Actually, Cathy, if we can ask for the assistance of the RFC Editor, they can 
make the changes from here.  Just tell them what you want.
On 11.09.2024 11:01, zhangcuiling wrote:

Hi Eliot,
Thanks for your prompt reply.
I would make the following two modifications in the next version of the draft.
Regards,
Cathy

From: Independent Submissions Editor (Eliot Lear)

Date: 2024-09-11 15:58
To: zhangcuiling; Sandy Ginoza
CC: rfc-editor; 刘昱琨; lengfeng; zhaoqi; hezh; Alexis Rossi; auth48archive
Subject: Re: AUTH48: RFC-to-be 9563 <draft-cuiling-dnsop-sm2-alg-15> for your 
review

Hi Cathy,

On 11.09.2024 08:51, zhangcuiling wrote:
Hi Eliot and Sandy,
About the new comment:
   Many implementations may not support SM2 signatures and digests.  RFC 6840 
Section 5.2 specifies handling of answers in such cases.
The example is pretty clear and it's OK to add it to the document. One small 
change:
   Many implementations may not support SM2 signatures and SM3 digests.  RFC 
6840 Section 5.2 specifies handling of answers in such cases.

That's fine.

I'm not sure about the location of this part, because I just found RFC 9558 has 
similar description in section 6 Implementation Considerations, not in section 
1 Introduction.

Yes, that's right.  I would suggest that it's not necessary to create a new 
section for two sentences, but if you want to, you can.  Your call.  What is 
important is that implementers understand what the expected behavior will be 
from implementations that do not understand SM2/SM3.

I'll add these sentences to the introduction section.

About the 'caution' paragragh:
Most of this statement is OK for us, except one detail.
Although ShangMi (SM) cryptographic algorithms haven't been analyzed by the 
IETF and the IRTF, SM2 and SM3 algorithms have been added to ISO/IEC standards.
So is it possible to remove the third sentence, to avoid the misunderstanding 
that these algorithms are just national standards instead of international 
standards?
Or is it possible to change the second sentence to:
   It makes use of cryptographic algorithms that are national standards for 
China, as well as ISO/IEC standards (ISO/IEC 14888:3-2018 and ISO/IEC 
10118:3-2018).

I'm sorry, but that's not possible.  This came about as an interim means to 
address IETF and IAB concerns about national cryptography.  However, it is fine 
to add a sentence above to refer to the ISO standard.  FWIW, your document will 
probably be the last crypto I publish for a good period of time, while the IETF 
tries to figure out what the long term approach should be.

And the following paragragh, too.
Caution: This specification is not a standard and does not have IETF community 
consensus. It makes use of cryptographic algorithms that are national standards 
for China, as well as ISO/IEC standards (ISO/IEC 14888:3-2018 and ISO/IEC 
10118:3-2018). Neither the IETF nor the IRTF has analyzed that algorithm for 
suitability for any given application, and it may contain either intended or 
unintended weaknesses.

Eliot

-- 
auth48archive mailing list -- auth48archive@rfc-editor.org
To unsubscribe send an email to auth48archive-le...@rfc-editor.org