[CFRG] IRTF Chair review of draft-irtf-cfrg-opaque-16
Colin Perkins <csp@csperkins.org> Wed, 11 September 2024 16:42 UTC
Return-Path: <csp@csperkins.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06015C16941E for <cfrg@ietfa.amsl.com>; Wed, 11 Sep 2024 09:42:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=csperkins.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7eu9XOTVPp_V for <cfrg@ietfa.amsl.com>; Wed, 11 Sep 2024 09:42:27 -0700 (PDT)
Received: from mx1.mythic-beasts.com (mx1.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF537C169430 for <cfrg@irtf.org>; Wed, 11 Sep 2024 09:42:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=csperkins.org; s=mythic-beasts-k1; h=Date:Subject:To:From; bh=vQ7sWjKzh0bq08rSwGFkRTvJEwI4jqPGNPs5dchifpU=; b=U1X0O+958yNcQzVcdQyplOmMYw mtgihZ9N61FGH/krBNpEwx4y+soajkYZjCA49ayy5YFlNeODBzD26I0x/4iqrCGj3mKLpCzWOxxy0 HNv9NfD5r7zLxqPXX7c/TYbCAJhf1M9qwIgpYMOw3NVyT1NGYWZNj5lcelq3n68ApYqjGKrOsfIvi 7WyzoEl/zTHDkruKVsceVZWYmUSsh1DoHB7mQH9WEUJ3/06D8mXxq/InVXexHz2umZVmVWalMCcno +G3SV0zEUZD3Wk+IUC3ycPJLYRw6TRL9ww9taV7EMjlhPQyOqBS2ggIAwEeUkJbnLZI5tqsZtmAM5 yw8hJrYg==;
Received: by mailhub-cam-d.mythic-beasts.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <csp@csperkins.org>) id 1soQQE-00B4VR-E3; Wed, 11 Sep 2024 17:42:26 +0100
From: Colin Perkins <csp@csperkins.org>
To: draft-irtf-cfrg-opaque@ietf.org, cfrg-chairs@ietf.org
Date: Wed, 11 Sep 2024 17:42:21 +0100
X-Mailer: MailMate (1.14r6065)
Message-ID: <ED4B24C7-4D93-4F17-B5CC-2AE1F818A2E5@csperkins.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_61223CFE-91FC-49DB-B994-04EEE62FD7EC_="
Content-Transfer-Encoding: 8bit
X-BlackCat-Spam-Score: 0
Message-ID-Hash: UJEBQ37J4ZWVGVNAYUMVR2MGRS3WAGVR
X-Message-ID-Hash: UJEBQ37J4ZWVGVNAYUMVR2MGRS3WAGVR
X-MailFrom: csp@csperkins.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: cfrg <cfrg@irtf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [CFRG] IRTF Chair review of draft-irtf-cfrg-opaque-16
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/-uUk5XjBIcXqOiDcoW0e3fyskHg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>
The CFRG chairs have requested that draft-irtf-cfrg-opaque-16 be published as an RFC on the IRTF stream. The IRTF publication process is described in RFC 5743, and comprises a review by the IRSG to ensure technical and editorial quality, followed by a check by the IESG to ensure the work does not conflict with IETF standards activities. As IRTF Chair, I perform an initial review of all drafts submitted for publication on the IRTF stream before sending them for detailed review by the IRSG. This note provides my review comments, for discussion. The document shepherd write-up states that the authors have made all necessary IPR disclosures, as described at https://irtf.org/policies/ipr. **Result:** Ready with nits **RFC 5743 compliance:** The draft does not follow the guidelines in RFC 5743 **Comments:** Thank you for preparing this draft. Apologies for the delay in my review. Overall this looks good, and I thank the authors and others in the group for the effort they have spent developing and reviewing the work. I have two procedural details that should be resolved: * Please add a sentence to the end of the Introduction to say “This document is not an IETF product and is not a standard” to meet the requirements of RFC 5743. * The Discussion Venues section is marked “to be removed before publishing”. That’s appropriate, but the CFRG Chairs should add a link to the GitHub page in the “Additional resources” part of https://datatracker.ietf.org/doc/draft-irtf-cfrg-opaque/ so it can be found after publication. While reviewing the draft, I also noted areas where I thought clarifications might be helpful. I’m a generalist, and very much not a security expert, so none of these should be considered blocking comments – I’m happy to be told that the draft follows the usual conventions in the field and the description will be clear to the intended audience: * Section 2.1: some of the APIs reference specific sections of RFC 9497, some do not. To avoid confusion, would it make sense to consistently reference RFC 9497 in cases when the APIs are defined there? * Section 2.2: “`Expand(prk, info, L)`: Expand a pseudorandom key prk using the optional string info…” – will it be clear to readers what to do if the optional string is not provided? * Section 2.3: the definition of `Stretch(msg)` doesn’t specify the size of the output. Should it? Similar issues occur elsewhere, e.g., `auth_tag` in section 4.1.1, so if this is important it may be worth checking that the sizes are consistently specified. * Section 3.2: for clarity, I suggest to change “The registration flow is shown below” to “The registration message flow is shown below and the process is described in detail in Section 5”. * Section 4.1.2: I found the syntax `Create Envelope envelope with (envelope_nonce, auth_tag)` confusing since it reads like pseudo code but is in the middle of a more precise description. It wasn’t immediately obvious to me that it was referring to previously defined types. Would it be clearer to say `envelope = Envelope(envelope_nonce, auth_tag)` or similar? (There is similar phrasing in a number of other places) * Section 5: what happens to the results that are not sent to the peer? For example, `CreateRegistrationRequest()` returns `(request, blind)` and it looks like `request` is sent to the server, but what is done with `blind`? (Similar issue with the ladder diagrams elsewhere in this section and in Section 6) Finally, I note that the appendices contain a number of test vectors. Has the latest version of the draft been verified against a reference implementation to ensure these are correct? Regards, Colin
- [CFRG] IRTF Chair review of draft-irtf-cfrg-opaqu… Colin Perkins
- [CFRG] Re: IRTF Chair review of draft-irtf-cfrg-o… Kevin Lewi
- [CFRG] Re: IRTF Chair review of draft-irtf-cfrg-o… stef
- [CFRG] Re: IRTF Chair review of draft-irtf-cfrg-o… Daniel Bourdrez
- [CFRG] Re: IRTF Chair review of draft-irtf-cfrg-o… Colin Perkins
- [CFRG] Re: IRTF Chair review of draft-irtf-cfrg-o… Kevin Lewi
- [CFRG] Re: IRTF Chair review of draft-irtf-cfrg-o… Hugo Krawczyk
- [CFRG] Re: IRTF Chair review of draft-irtf-cfrg-o… Daniel Bourdrez