IETF Logo Mail Archive

[art] Re: AD Evaluation: draft-barnes-sframe-iana-256-00

Aron Rosenberg <aron.rosenberg@apple.com> Fri, 16 January 2026 16:41 UTC

Return-Path: <aron.rosenberg@apple.com>
X-Original-To: art@mail2.ietf.org
Delivered-To: art@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id D6034A8ABF8B for <art@mail2.ietf.org>; Fri, 16 Jan 2026 08:41:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.797
X-Spam-Level:
X-Spam-Status: No, score=-2.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4KbKjzJYO8TZ for <art@mail2.ietf.org>; Fri, 16 Jan 2026 08:41:55 -0800 (PST)
Received: from ma-mx04.apple.com (ma-mx04.apple.com [17.23.4.22]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 6A63CA8ABF6D for <art@ietf.org>; Fri, 16 Jan 2026 08:41:55 -0800 (PST)
Received: from mr55p01nt-mtap02.apple.com (mr55p01nt-mtap02.ise.apple.com [10.170.185.211]) by st47p01nt-mxp04.apple.com (Oracle Communications Messaging Server 8.1.0.28.20250821 64bit (built Aug 21 2025)) with ESMTPS id <0T8Y1IXWEUDUKX10@st47p01nt-mxp04.apple.com> for art@ietf.org; Fri, 16 Jan 2026 16:41:55 +0000 (GMT)
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2026-01-16_06,2026-01-15_02,2025-10-01_01
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=cc : content-type : date : from : in-reply-to : message-id : mime-version : references : subject : to; s=20180706; bh=HsCxSyrm0Hv3TxdwycKQDHmSoHLg+7J4KtgjiZ9bDws=; b=bK4fhJxPWDL+TawmhUHa70xzykPgpJetwRTYW0s+JJHFRy12c8lkN2xgcLcM9TBbJagi TuIxz1qxs9vQQghm4tAiNRFtrGIusocnqa6KrRSxqSGY9YdCW87JJIHSEf+eJ1Q8cd9C vnfvrjeswqBCxfXLCco3wiNrK/H9bu8r98CY14UrkH0PvBPNvfCZw9FODkH7nAmCKNit 1LDVAGuKYSDUPvPFnX2xcgI5jL6DtQ8zmqIXzksMQo6wODGT1eBKSZAxm14NekbejoUE NP61a/13AkQ8nlxOKP8lNurAbmx7nOdr8kwxOWA2rxLi/edhjRu8KPesbyNXHxcJEXKa cw==
Received: from mr55p01nt-mmpp07.apple.com (mr55p01nt-mmpp07.ise.apple.com [10.170.185.196]) by mr55p01nt-mtap02.apple.com (Oracle Communications Messaging Server 8.1.0.28.20250821 64bit (built Aug 21 2025)) with ESMTPS id <0T8Y1PWZ9UDUE4H0@mr55p01nt-mtap02.apple.com>; Fri, 16 Jan 2026 16:41:54 +0000 (GMT)
Received: from process_milters-daemon.mr55p01nt-mmpp07.apple.com by mr55p01nt-mmpp07.apple.com (Oracle Communications Messaging Server 8.1.0.28.20250821 64bit (built Aug 21 2025)) id <0T8Y24Y00U2ZMY00@mr55p01nt-mmpp07.apple.com>; Fri, 16 Jan 2026 16:41:54 +0000 (GMT)
X-Va-A:
X-Va-T-CD: b6877a52170044d2e8264ba15c4e99d2
X-Va-E-CD: a9a3b4cd9c55f84e78b5392deda4f767
X-Va-R-CD: 6a029f6cfbbbc156f26d9407c3eef7e9
X-Va-ID: 3596659c-7022-4287-9761-2d5620c5bd9e
X-Va-CD: 0
X-V-A:
X-V-T-CD: b6877a52170044d2e8264ba15c4e99d2
X-V-E-CD: a9a3b4cd9c55f84e78b5392deda4f767
X-V-R-CD: 6a029f6cfbbbc156f26d9407c3eef7e9
X-V-ID: c5508636-6b1d-4ac1-afad-a4290febc5cd
X-V-CD: 0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2026-01-16_06,2026-01-15_02,2025-10-01_01
Received: from smtpclient.apple (unknown [17.11.91.171]) by mr55p01nt-mmpp07.apple.com (Oracle Communications Messaging Server 8.1.0.28.20250821 64bit (built Aug 21 2025)) with ESMTPSA id <0T8Y2563MUDTO900@mr55p01nt-mmpp07.apple.com>; Fri, 16 Jan 2026 16:41:53 +0000 (GMT)
From: Aron Rosenberg <aron.rosenberg@apple.com>
Message-id: <B66DD02C-E808-479C-98F5-D4632AF020DE@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_C005E8CF-5BF0-430D-AFA5-1BFDF41685B0"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3864.400.12\))
Date: Fri, 16 Jan 2026 08:41:44 -0800
In-reply-to: <CAMzqgowjOg4vmYoOx-UFNWtaiSrUf=GPK5LFC4cg6_H0+yiHNQ@mail.gmail.com>
To: Orie <orie@or13.io>
References: <CAMzqgoxa3wgBXMeSm0LiT+=7drs9nYjWVcG5EQ=qeGgRDDbHAw@mail.gmail.com> <CAMzqgownWtueaas4YWKgfPRqdk4Zqqy9Nz8fezcVE4t2UUWzzA@mail.gmail.com> <46863F88-C011-4D76-8F9E-A4BF8B376E38@apple.com> <CAMzqgowjOg4vmYoOx-UFNWtaiSrUf=GPK5LFC4cg6_H0+yiHNQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3864.400.12)
Message-ID-Hash: 5XBGF7QKHVZ4Z72GDKOBJLYVUE7HIAA2
X-Message-ID-Hash: 5XBGF7QKHVZ4Z72GDKOBJLYVUE7HIAA2
X-MailFrom: aron.rosenberg@apple.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-art.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Emad Omara <eomara@apple.com>, ART Area <art@ietf.org>, Security ADs <sec-ads@ietf.org>, draft-barnes-sframe-iana-256@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [art] Re: AD Evaluation: draft-barnes-sframe-iana-256-00
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/H7zqJReAKvpLu4i44PChxkKIpMU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Owner: <mailto:art-owner@ietf.org>
List-Post: <mailto:art@ietf.org>
List-Subscribe: <mailto:art-join@ietf.org>
List-Unsubscribe: <mailto:art-leave@ietf.org>

>> > 
>> > ## Discuss worthy
>> > 
>> > ### Change controller
>> > 
>> > ```
>> > The "Change Controller" entry should be removed.
>> > ```
>> > 
>> > Why? These registries were established with the IETF as the change controller.
>> > 
>> > The registration policy is Spec Required with a call out per rfc9605:
>> > 
>> > ```
>> > Recommended: Whether support for this cipher suite is recommended by the IETF. Valid values are "Y", "N", and "D" as described in Section 17.1 of [MLS-PROTO]. The default value of the "Recommended" column is "N". Setting the Recommended item to "Y" or "D", or changing an item whose current value is "Y" or "D", requires Standards Action [RFC8126].
>> > ```
>> > 
>> > In my reading, IETF remains the change controller regardless of the column given the note about standards action.
>> > 
>> > What motivated the decision to remove the change controller column?

We changed the Change Controller portion of the registry because it was not actually the original intent of the original authors to require a new RFC for introducing a new cipher suite definition. They had originally intended it to be expert review only. This got lost during the original process and the writing of the IANA considerations section in RFC 9605 and wasn’t discovered until I tried to register the new cipher suites that this draft defines. We then decided to formally update this since we had to write an RFC anyway given the current registry rules. Since SFrame is not creating its own crypto or hash algorithms and uses them only in terms of RFC 5869 HKDF usage, we felt this would simplify the process in the future for others.

>> > 
>> > ## Comments
>> > 
>> > ### auth subkey?
>> > 
>> > ```
>> >    *  enc_key: The encryption subkey produced by the derive_subkeys()
>> >       algorithm
>> > 
>> >    *  auth_key: The encryption subkey produced by the derive_subkeys()
>> >       algorithm
>> > ```
>> >

This is a typo and should say "authentication" subkey and will be fixed in the updated draft. This is also a typo in the original RFC 9605, and I submitted an errata for that today.

>> > ### Why typically?
>> > 
>> > ```
>> >    *  Nt: The overhead in bytes of the encryption algorithm (typically
>> >       the size of a "tag" that is added to the plaintext)
>> > ```
>> > 
>> > In which cases is this not the size of the tag? Why the optionality here?
>> > 
>> 

This was the exact language from RFC9605, so I left it as is. With all the current Hash and Auth tag algorithms used in the current and proposed cipher suites (GCM and the hash as tag for the CTR modes), it is correct that it is *only* the tag length. If somebody came up with a new hash or tag computation approach it might not be true, hence why "typically" was used.

v2.46.0 | Report a Bug | By Email | System Status