Re: [DNSOP] A new draft on SM2 digital signature algorithm for DNSSEC

2022-04-12 Thread zhangcuiling

Many thanks for reading the draft.

> from: "Paul Wouters"  on Mon, 2022-04-11
> to: zhangcuiling 
> cc: dnsop 
> subject: Re: [DNSOP] A new draft on SM2 digital signature algorithm for DNSSEC
> 
> On Mon, 11 Apr 2022, zhangcuiling wrote:
> 
> > And the main purpose is to improve the diversity of DNSSEC algorithms, and 
> > to make it convenient for people who want to use SM2
> > digital signature algorithm as an alternative for DNSSEC.
> 
> We actually want to prevent as much diversity as we can, to avoid
> creating more new long tails of deployment of algorithms. So a new

That sounds reasonable. It does need additional work to support the 
SM2 Digital Signature Algorithm in DNS software implementations. 
The good news is that OpenSSL has supported it since version 1.1.1. 
And I think OpenSSL is widely used among DNS software.

> algorithm should really offer something the others do not. Also having
> a number of ECC based algorithms would likely mean if one ends up
> broken, all of them end up broken.
> 
> So based on:
> 
>   Due to the similarity between SM2 and ECDSA with curve P-256, some
>   of the material in this document is copied liberally from RFC 6605
>   [RFC6605].
> 
> I don't see a strong reason to adopt another ECC type of algorithm.

Sorry that maybe I didn't make it clear. 

About SM2 and ECDSA:
SM2 and ECDSA are similar in the following aspects: the lengths of the 
private key (32 octets), the public key (64 octets) and the signature 
(64 octets) are the same. 
But there is an important difference between these two algorithms, 
which is the process of signature calculation. So SM2 is a different 
algorithm from ECDSA.
By the way, compared to a totally different algorithm, 
the similarity between SM2 and ECDSA can reduce the complication of 
supporting SM2 to some extent.

About the security of ECC-based algorithms:
As far as I know, the security of ECC-based algorithms is strongly 
influenced by the curve they use. Sometimes it's hard to say which 
curve is much safer. Elliptic curve secp256r1 (for DNSSEC) and 
secp256k1 (for blockchain) are relatively popular for ECDSA. 

SM2 uses a different curve and has a different process for signature
generation and validation, so I'd like to consider it as an alternative
to ECDSA.

> 
> Additionally, in this case SM2/SM3 seem to be ISO standards that are
> not freely available, so these are additionally problematic.
> 

I agree with you. I should specify a document that could be downloaded freely.
Here is another one introducing SM2/SM3 in detail:
"Information security technology --- Public key cryptographic algorithm 
SM2 based on elliptic curves --- Part 2: Digital signature algorithm"
http://www.gmbz.org.cn/upload/2018-07-24/1532401673138056311.pdf
It's written in English, but unfortunately it's not an international standard.
I will keep on trying to find a more proper document.

Thank you again for your time and your helpful comment.

Best regards,

Cathy Zhang
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop


Re: [DNSOP] A new draft on SM2 digital signature algorithm for DNSSEC

2022-04-11 Thread Paul Wouters

On Mon, 11 Apr 2022, zhangcuiling wrote:

> And the main purpose is to improve the diversity of DNSSEC algorithms, and to 
> make it convenient for people who want to use SM2
> digital signature algorithm as an alternative for DNSSEC.

We actually want to prevent as much diversity as we can, to avoid
creating more new long tails of deployment of algorithms. So a new
algorithm should really offer something the others do not. Also having
a number of ECC based algorithms would likely mean if one ends up
broken, all of them end up broken.

So based on:

  Due to the similarity between SM2 and ECDSA with curve P-256, some
  of the material in this document is copied liberally from RFC 6605
  [RFC6605].

I don't see a strong reason to adopt another ECC type of algorithm.

Additionally, in this case SM2/SM3 seem to be ISO standards that are
not freely available, so these are additionally problematic.

Paul



[DNSOP] A new draft on SM2 digital signature algorithm for DNSSEC

2022-04-10 Thread zhangcuiling
Hi dnsop,
 
My coworkers and I have written a draft on the SM2 digital signature algorithm 
for DNSSEC.
 
The main content is to introduce the format of DNSKEY/RRSIG RRs using the SM2 
digital signature algorithm with the SM3 digest algorithm, and the format of 
DS/NSEC3 RRs using the SM3 digest algorithm.
 
And the main purpose is to improve the diversity of DNSSEC algorithms, and to 
make it convenient for people who want to use SM2 digital signature algorithm 
as an alternative for DNSSEC.
 
I would love to hear comments and suggestions from you.

Thanks in advance.

Name: draft-cuiling-dnsop-sm2-alg
Revision: 00
Title: SM2 Digital Signature Algorithm for DNSSEC
Document date: 2022-04-07
Group: Individual Submission
Pages: 5
URL: https://www.ietf.org/archive/id/draft-cuiling-dnsop-sm2-alg-00.txt
Status: https://datatracker.ietf.org/doc/draft-cuiling-dnsop-sm2-alg/
Htmlized: https://datatracker.ietf.org/doc/html/draft-cuiling-dnsop-sm2-alg
 
Abstract:
  This document describes how to specify SM2 Digital Signature
  Algorithm keys and signatures in DNS Security (DNSSEC). It lists
  the curve and uses SM3 as hash algorithm for signatures.
 
Best regards,
 
Cathy Zhang

2022-04-11
