Date: Mon, 28 Aug 2006 14:22:11 -0500 From: Ralph Weber <roweber@ieee.org> To: t10@t10.org Subject: Re: 06-369r2 -- Security Association Model for SPC-4 X-Message-Number: 7190 Formatted message: HTML-formatted message Bob, The FIPS-180-2 with Change notice 1 that I downloaded from the specified URL, defines SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. Because of the way the change notice is applied, I am inclined to believe the goal is that all SHA-x variants will be defined in FIPS-180-x. Certainly, the list in FIPS-180-2 would appear to keep SCSI in SHA-x algorithms for many years to come. For this reason, I would like to avoid having to specifically define each SHA-x instance differently. If you have any specific suggestions on how to otherwise improve the existing text, please let me know about them or bring them to the CAP meeting. Thanks, .Ralph Bob.Nixon@Emulex.Com wrote: > Hi, Ralph, my concerns with this are two (and both very minor): > > First, SHA-256 is a proper name, while SHA, which is certainly well-defined, is a generic term. Although the obvious similarity would likely lead from the proper to the generic, there is no statement that formally ties the proper to the generic (i.e., that says "SHA-256 is a Secure Hash Algorithm"). It is identified only as an Auxiliary function used with NIST SP 800-56A. > > Second is the implication that any Secure Hash Function used in SCSI shall be defined in FIPS-189-2. This may or may not have been your intent. > > I think for completeness, the reference in table x3 should simply be extended to "SHA-256 (see FIPS-189-2". > > - bob > > -----Original Message----- > From: owner-t10@t10.org [mailto:owner-t10@t10.org]On Behalf Of Ralph > Weber > Sent: Saturday, August 26, 2006 7:23 PM > To: t10@t10.org > Subject: Re: 06-369r2 -- Security Association Model for SPC-4 > > > * From the T10 Reflector (t10@t10.org), posted by: > * Ralph Weber <roweber@ieee.org> > * > Bob, > > I have addressed all of your comments except one in the > draft r3. The one comment not addressed is: > >> SHA-256 seems to be used normatively (tables 44 and x1), but is not >> defined anywhere in SPC-4. Is its relevance to SPC-4 fully defined >> and/or referenced in NIST SP 800-56A? >> > I believe this issue is already addressed in r2 as follows. > > 1) The following is proposed for addition to the NIST Normative References. > > FIPS 180-2 with Change Notice 1 dated February 25, 2004, Secure Hash > Standard > > 2) The glossary entry for SHA clearly states that secure hash algorithms > are specified in FIPS 180-2 ... > > All the best, > > .Ralph > > > Bob.Nixon@Emulex.Com wrote: > >> Hi, Ralph, here, for public review, is the Security Association nit >> list I transmitted privately, sanitized as you requested ;-) >> >> 3.1.s defines Security Hash Algorithm (SHA). 3.2 defines SHA as a >> Secure Hash Algorithm. I think "Secure" is correct. >> >> SHA-256 seems to be used normatively (tables 44 and x1), but is not >> defined anywhere in SPC-4. Is its relevance to SPC-4 fully defined >> and/or referenced in NIST SP 800-56A? >> >> In table x2, definition of DS_NONCE, 2nd line, 2nd "and" should be "an". >> >> Table x2 footnote d suggests nonces should be "at least" half the >> length of the key seed, suggesting that they might be longer than >> that. Although it isn't logically inconsistent, is there a reason to >> limit nonces to 32 bytes while key seeds can be up to 64 bytes? >> >> 5.13.3.3 item a: I'm not sure what an "SA lifetime value..." is. At >> first I thought it was an agreed timeout on an SA, but after more >> thought (and seeing no other reference to timeouts), I presume it >> means "value that is fixed for the lifetime of the SA..." Is that >> correct? >> >> > > * > * For T10 Reflector information, send a message with > * 'info t10' (no quotes) in the message body to majordomo@t10.org > > > > >