Bob,

The FIPS-180-2 with Change notice 1 that I downloaded from the
specified URL, defines SHA-1, SHA-224, SHA-256, SHA-384, and
SHA-512. Because of the way the change notice is applied, I
am inclined to believe the goal is that all SHA-x variants
will be defined in FIPS-180-x.

Certainly, the list in FIPS-180-2 would appear to keep SCSI
in SHA-x algorithms for many years to come.

For this reason, I would like to avoid having to specifically
define each SHA-x instance differently. If you have any specific
suggestions on how to otherwise improve the existing text,
please let me know about them or bring them to the CAP meeting.

Thanks,

.Ralph

Bob.Nixon@Emulex.Com wrote: 
Hi, Ralph, my concerns with this are two (and both very minor): 

First, SHA-256 is a proper name, while SHA, which is certainly well-defined, is a generic term.  Although the obvious similarity would likely lead from the proper to the generic, there is no statement that formally ties the proper to the generic (i.e., that says "SHA-256 is a Secure Hash Algorithm"). It is identified only as an Auxiliary function used with NIST SP 800-56A.

Second is the implication that any Secure Hash Function used in SCSI shall be defined in FIPS-189-2. This may or may not have been your intent.

I think for completeness, the reference in table x3 should simply be extended to "SHA-256 (see FIPS-189-2".

   - bob

-----Original Message-----
From: owner-t10@t10.org [mailto:owner-t10@t10.org]On Behalf Of Ralph
Weber
Sent: Saturday, August 26, 2006 7:23 PM
To: t10@t10.org
Subject: Re: 06-369r2 -- Security Association Model for SPC-4


* From the T10 Reflector (t10@t10.org), posted by:
* Ralph Weber <roweber@ieee.org>
*
Bob,

I have addressed all of your comments except one in the
draft r3. The one comment not addressed is:
  
SHA-256 seems to be used normatively (tables 44 and x1), but is not 
defined anywhere in SPC-4. Is its relevance to SPC-4 fully defined 
and/or referenced in NIST SP 800-56A?
    
I believe this issue is already addressed in r2 as follows.

1) The following is proposed for addition to the NIST Normative References.

FIPS 180-2 with Change Notice 1 dated February 25, 2004, Secure Hash 
Standard

2) The glossary entry for SHA clearly states that secure hash algorithms
are specified in FIPS 180-2 ...

All the best,

.Ralph


Bob.Nixon@Emulex.Com wrote:
  
Hi, Ralph, here, for public review, is the Security Association nit 
list I transmitted privately, sanitized as you requested  ;-) 

3.1.s defines Security Hash Algorithm (SHA). 3.2 defines SHA as a 
Secure Hash Algorithm. I think "Secure" is correct.

SHA-256 seems to be used normatively (tables 44 and x1), but is not 
defined anywhere in SPC-4. Is its relevance to SPC-4 fully defined 
and/or referenced in NIST SP 800-56A?

In table x2, definition of DS_NONCE, 2nd line, 2nd "and" should be "an".

Table x2 footnote d suggests nonces should be "at least" half the 
length of the key seed, suggesting that they might be longer than 
that. Although it isn't logically inconsistent, is there a reason to 
limit nonces to 32 bytes while key seeds can be up to 64 bytes?

5.13.3.3 item a: I'm not sure what an "SA lifetime value..." is. At 
first I thought it was an agreed timeout on an SA, but after more 
thought (and seeing no other reference to timeouts), I presume it 
means "value that is fixed for the lifetime of the SA..." Is that 
correct?

    

*
* For T10 Reflector information, send a message with
* 'info t10' (no quotes) in the message body to majordomo@t10.org