Ballot Details: Approve ck-ecdh2-derive-params for inclusion in PKCS#11 v3.0 (CLOSED)

Ballot Question Do you approve the proposal for ck-ecdh2-derive-params for inclusion in PKCS#11 v3.0?
Ballot Description Proposal made to the PKCS#11 TC on November 8, 2017 in response to comments received for PKCS#11 2.40 Errata.
This proposal relates to Item 13 - ck-ecdh2-derive-params - https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/61980/latest/ck-ecdh2-derive-params_tc.docx
Ballot Options
VOTING CLOSED: Monday, 27 November 2017 @ 6:00 pm PST
Yes 5 62.5
No 3 37.5
Abstain 0
Open Date Monday, 13 November 2017 @ 6:00 am PST
Close Date Monday, 27 November 2017 @ 6:00 pm PST
Ballot Type Official, as defined by organization policies and procedures

Referenced Items

Name Type Date

ck-ecdh2-derive-params_tc.docx

  • Folder: Documents
  • Group: OASIS PKCS 11 TC
  • State: Draft
  • 14K
  • 11 downloads
page=ballotrefitems&type=document
v2.40 Errata - Item 16 - ck-ecdh2-derive-params Document 2017-11-07

Voting Statistics

Number of votes cast (excluding abstentions) 8
Eligible members who have voted 8 of 13 61.538%
Eligible members who have not voted 5 of 13 38.462%

Voting Summary by Option

Options with highest number of votes are bold
Option # Votes % of Total
Yes 5 62.5%
No 3 37.5%
Abstain 0

Voting Details

Voter Name Company Vote * Time (UTC) Comments
* Bong, Dieter Utimaco IS GmbH Yes 2017-11-14 12:28:00 1
* Corlett, Justin Cryptsoft Pty Ltd. Yes 2017-11-22 23:19:00
* Hudson, Tim Cryptsoft Pty Ltd. Yes 2017-11-22 21:17:00
* Relyea, Robert Red Hat Yes 2017-11-13 23:02:00 1
* Scott, Greg Cryptsoft Pty Ltd. Yes 2017-11-14 01:12:00
* Fenwick, Valerie Intel Corporation No 2017-11-21 23:34:00 1
* Johnson, Darren SafeNet, Inc. No 2017-11-17 03:42:00 1
* Rich, Bruce Cryptsoft Pty Ltd. No 2017-11-22 21:31:00 1
* Cox, Tony Cryptsoft Pty Ltd. --
* Fitzgerald, Indra Micro Focus --
* Janssen, Gershon Individual --
* Minder, Daniel Utimaco IS GmbH --
* Stueve, Gerald Fornetix --

Voter Comments

Submitter Vote Comment
Relyea, Robert
Red Hat
Yes Do we want to point to the other hash kdf's we now have for other derive functions?
Bong, Dieter
Utimaco IS GmbH
Yes I support Bobs comment. Maybe the text can reference the extended table 34 from https://www.oasis-open.­org/apps/org/workgroup/p­kcs11/download.php/61152­/PKCS11_KDF_Proposal_App­roved.zip
Fenwick, Valerie
Intel Corporation
No sounds like this still needs some work.
Rich, Bruce
Cryptsoft Pty Ltd.
No Too many outstanding issues. Bob's might be editorial (bit of a stretch on that), but Darren's are not.
Johnson, Darren
SafeNet, Inc.
No Sorry for the long comment, but I can only make one comment per ballot.

I also support Bob's comment. It may be easier moving forward if we updated the test for all the ECDH mechanisms so that they read "if the derivation function is CKD_NULL, else...". That way we do not need to update the list of KDFs if/when additional ones are added.

The proposal states that CK_ECDH2_DERIVE_PARAMS provides the parameters to CKM_ECMQV_DERIVE. Was that intentional? CKM_ECMQV_DERIVE already has a parameter CK_ECMQV_DERIVE_PARAMS and references X9.63 as the algorithm used. I expected to see the text for CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERI­VE updated to account for CK_ECDH2_DERIVE_PARAMS. Or additional mechanisms (For example CKM_ECDH2_DERIVE and CKM_ECDH2_COFACTOR_DERI­VE) created that used CK_ECDH2_DERIVE_PARAMS. And I think we need to call out a standard that defines how to use the two key pairs, either SP800-56Ar1 or some other standard that defines 2-key ECDH.