Re: [Cfrg] [irsg] IRSG review request: draft-irtf-cfrg-randomness-improvements-11

Marie-Jose Montpetit <marie@mjmontpetit.com> Mon, 04 May 2020 22:15 UTC

Return-Path: <marie@mjmontpetit.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60D5A3A1168 for <cfrg@ietfa.amsl.com>; Mon, 4 May 2020 15:15:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mjmontpetit-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rAXNo8HB32k7 for <cfrg@ietfa.amsl.com>; Mon, 4 May 2020 15:15:57 -0700 (PDT)
Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22F423A108F for <cfrg@ietf.org>; Mon, 4 May 2020 15:15:56 -0700 (PDT)
Received: by mail-lf1-x12d.google.com with SMTP id a4so4756260lfh.12 for <cfrg@ietf.org>; Mon, 04 May 2020 15:15:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mjmontpetit-com.20150623.gappssmtp.com; s=20150623; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=dO0Yp9V6zBzi1UjJ8O2TAPQ9CpxG7q23XmDZ+O5wWmA=; b=fUk5XwTgQuyY9n5hGNIPZCmh7+XjzzS9+8bE/4B8eb2X5oOeLPyuk+y2WHi28QOEaq WMbSVvZLC+/RNddoOPMMX353cdVyeBkuqnzZ5JCWjAMIi5ltQJRMUIzq9O3KOuaOXU9p ycnbzZDVb2EE6RD0yCZputDXGL5G+jWCviTiNBctXvb87dFjuBoMpAtEBS/2SrkVcJO6 WzzAtJ62xlO5Ho3Q/gT45yWVElrBocShC5UYriM8W+EweOseGIt2TiXwzjgaB8wUMRpN STUYOfxVqtNvNrAX8U9dVsW4d3SQj9i41ohAH9XMfRDXnD24mDhSRjyerGEFmgRsydTn Pz8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=dO0Yp9V6zBzi1UjJ8O2TAPQ9CpxG7q23XmDZ+O5wWmA=; b=mb0M2uBFsYQC5ofZjLtWrEmNbX7sitUTAKoRGKNFNPueZcliMZdY+n+dvzab8YgfnH Bx17b0MpmRZ4hEuUjDCmser5BZ3EeVPSbfr65aUk6yb7kLVhCxD7HkA+UjEefGs0Ppak RGwLtAk1UTUfS+GSDQB3+qBUghNKaOkmI2tf+6zBqih6BqYThzHGLrq7GVN6WlvYbDj8 GIGxT4sc7pLEvhIcnoTn3HgmRIPTP6Y5oFckfvIPwkpGNDfssWzPbtpWfg12j0SfIHBf 14e4Y6eQoSJLqi2fNVxrAx+A18bw3cd24P5Ga7EAs2bb9xlPdayKRgDUBl6eOZF3PFxj 05Hw==
X-Gm-Message-State: AGi0PuZT3yC6LW56Cd8uLRpQkglEVAJt4mFKLsMbXoyWdxFWEiE/pB1V pZ9ByhdytUNbrQYBDOjXS1efHo/MPFe3ljTNncwt5A==
X-Google-Smtp-Source: APiQypLW2FX8tQID1dpB6Av45v7QCBMtibrGmwtdzFI+8jh9JElM9LxVeELyNiqlnTVzwkYexjLPip8+/Ia+4P5+xuY=
X-Received: by 2002:a19:d97:: with SMTP id 145mr11876222lfn.193.1588630554948; Mon, 04 May 2020 15:15:54 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Mon, 4 May 2020 18:15:54 -0400
From: Marie-Jose Montpetit <marie@mjmontpetit.com>
In-Reply-To: <51036D5B-DCAF-4496-B8FD-7E36231AE704@csperkins.org>
References: <4B969EA9-C230-4CC6-A20B-B5F7552716AA@csperkins.org> <CAGVFjMKOSEVZu_R0ZpaCZvpW6wJwfPz=5yVmFvkSXbGr6bF-kQ@mail.gmail.com> <51036D5B-DCAF-4496-B8FD-7E36231AE704@csperkins.org>
MIME-Version: 1.0
Date: Mon, 4 May 2020 18:15:54 -0400
Message-ID: <CAPjWiCSWd+TJ5zS327nBaiaZXxkv7PWQ4yScjAXFL1ZZ8Lfy2g@mail.gmail.com>
To: Colin Perkins <csp@csperkins.org>, Mallory Knodel <mknodel@cdt.org>
Cc: cfrg@ietf.org, Internet Research Steering Group <irsg@irtf.org>
Content-Type: multipart/alternative; boundary="000000000000e847bb05a4d9dff8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/07Gof_bSXDZSk7Lvb5oO3OA7FFo>
Subject: Re: [Cfrg] [irsg] IRSG review request: draft-irtf-cfrg-randomness-improvements-11
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 May 2020 22:15:59 -0000

Hello lists:

My review of draft-irtf-cfrg-randomness-improvements-11

Overall:
The draft is well written and the solution very understandable. The
comparison to the existing RFC is 6979 is a very good idea. While the
application to TLS was most likely the reason the draft was written I am
aware of issues with PRGs elsewhere notably the FRECFRAME RLC that was
delayed due to PRG issues. This does not require to be addressed in the
draft but shows that PRG bugs that impact randomness do need to be taken
into account.

In the NITs category I found the following missing acronyms definitions:
DBRG
EC
HKDF
HMAC
HSM
TLS

mjm


Marie-José Montpetit, Ph.D.
marie@mjmontpetit.com



On May 4, 2020 at 6:10:47 PM, Colin Perkins (csp@csperkins.org) wrote:

Thanks, Mallory!
Colin



On 28 Apr 2020, at 19:21, Mallory Knodel <mknodel@cdt.org> wrote:

HI all,

I did an IRSG review for this document. I think that the editorial quality
is high; this is not a deep technical review. As I read and noted
questions, they were all answered later within the text and with clarity.

For the last two citations there exist URLs even if the documents being
cited aren't openly published. I recommend linking to these pages anyway
for verification purposes.

Thanks,
-Mallory

On Mon, Apr 20, 2020 at 6:44 PM Colin Perkins <csp@csperkins.org> wrote:

> IRSG members,
>
> The Crypto Forum Research Group has requested that
> draft-irtf-cfrg-randomness-improvements-11
> <https://datatracker.ietf.org/doc/draft-irtf-cfrg-randomness-improvements/> be
> considered for publication as an IRTF RFC. To progress this draft,
> we now need *at least one* IRSG member to volunteer to provide a detailed
> review of the draft, as follows:
>
> The purpose of the IRSG review is to ensure consistent editorial and
> technical quality for IRTF publications. IRSG review is not a deep
> technical review. (This should take place within the RG.) At least one IRSG
> member other than the chair of the RG bringing the work forth must review
> the document and the RG’s editorial process.
>
> IRSG reviewers should look for clear, cogent, and consistent writing. An
> important aspect of the review is to gain a critical reading from reviewers
> who are not subject matter experts and, in the process, assure the document
> will be accessible to those beyond the authoring research group. Also,
> reviewers should assess whether sufficient editorial and technical review
> has been conducted and the requirements of this process document, such as
> those described in IRTF-RFCs have been met. Finally, reviewers should check
> that appropriate citations to related research literature have been made.
>
> Reviews should be written to be public. Review comments should be sent to
> the IRSG and RG mailing lists and entered into the tracker. All IRSG review
> comments must be addressed. However, the RG need not accept every comment.
> It is the responsibility of the shepherd to understand the comments and
> ensure that the RG considers them including adequate dialog between the
> reviewer and the author and/or RG. Reviews and their resolution should be
> entered into the tracker by the document shepherd.
>
> The IRSG review often results in the document being revised. Once the
> reviewer(s), authors, and shepherd have converged on review comments, the
> shepherd starts the IRSG Poll on whether the document should be published.
>
>
> Please respond to this message if you’re able to perform such a review,
> and indicate the approximate time-frame by which you’ll be able to complete
> it. The document shepherd write-up is available at
> https://datatracker.ietf.org/doc/draft-irtf-cfrg-randomness-improvements/shepherdwriteup/
>
> Thanks!
> Colin (as IRTF chair)
>
>
> --
> Colin Perkins
> https://csperkins.org/
>
>
>
>
>

-- 
Mallory Knodel
CTO, Center for Democracy and Technology
gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780