Re: [Cfrg] Help with the use of contexts

Yoav Nir <ynir.ietf@gmail.com> Tue, 17 January 2017 15:56 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <5eeb3d4d-1fc0-35ba-6f47-87fa0d808edc@cs.tcd.ie>
Date: Tue, 17 Jan 2017 17:56:06 +0200
Message-Id: <AA42E783-43FC-4C9B-A387-623B5B18B4FB@gmail.com>
References: <20170116200948.6535.qmail@cr.yp.to> <5eeb3d4d-1fc0-35ba-6f47-87fa0d808edc@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/0sCYoQxTB0IP_wAPmko8mk9H6Jc>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Help with the use of contexts
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

> On 17 Jan 2017, at 13:48, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> 
> On 16/01/17 20:09, D. J. Bernstein wrote:
>> I would really like to see this unnecessary complexity eliminated from
>> CFRG's signature specifications.
> 
> I'm relatively neutral on the use or non-use of contexts,
> but lean more towards Dan's position that the API changes
> involved mean that practically, it's better to not demand
> contexts.

Me too.

> However, I really do wish that CFRG specs would not offer
> both choices - that will simply lead to repeating this
> discussion each time an IETF protocol wants to use the CFRG
> spec. And of course, different decisions will be made over
> time,

Not over time. In the next few months the IESG is going to get documents about EdDSA signatures from TLS, IPsecME and curdle for signatures in TLS, IKE, and PKIX respectively.  If the decision is not the same in all of them, I think (hope) that the IESG would ask why.

> leading to slightly more mess than would otherwise
> exist. That's not a showstopper thing, but life will be
> better if the choice is not offered.
> 
> So, I'd support eliminating contexts from CFRG specs and
> saying something like "if you want that, and it's not a
> bad idea for avoiding cross-protocol attacks, then do it
> at a layer above the crypto API."
> 
> Cheers,
> S.
> 
> PS: random idea - I wonder if analysis of wireshark
> dissector source code, or some application calling
> such code, might be a fine way to spot potential
> cross-protocol attacks - anyone know if that's been
> tried?
> 
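The "do it at a layer above the crypto API" option that the quoted message describes, as an added example that is not part of this thread or of any of the EdDSA drafts it refers to: the protocol builds a domain-separated byte string (tag, length-prefixed context, message) and hands that to an unmodified pure-Ed25519 sign/verify call, so a signature made for one protocol fails to verify in another even though both use the same key. The two protocol names "proto-A" and "proto-B", the tag `app-sig-ctx-v1` and the sample payload are assumptions constructed for the demonstration; the Ed25519 calls are Go's standard `crypto/ed25519`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// domainTag is an assumed application-level tag, not taken from any RFC or
// draft; it versions the framing so the layout can be changed later.
const domainTag = "app-sig-ctx-v1"

// frameWithContext builds the bytes that are actually passed to the pure
// Ed25519 API: tag || len(ctx) || ctx || msg. The one-byte length prefix keeps
// the split unambiguous (ctx="ab",msg="c" must not frame like ctx="a",msg="bc")
// and mirrors the 255-byte limit RFC 8032 places on context strings.
func frameWithContext(ctx string, msg []byte) ([]byte, error) {
	if len(ctx) == 0 || len(ctx) > 255 {
		return nil, errors.New("context must be 1..255 bytes")
	}
	out := make([]byte, 0, len(domainTag)+1+len(ctx)+len(msg))
	out = append(out, domainTag...)
	out = append(out, byte(len(ctx)))
	out = append(out, ctx...)
	out = append(out, msg...)
	return out, nil
}

// SignInContext signs msg bound to ctx using unmodified pure Ed25519.
func SignInContext(priv ed25519.PrivateKey, ctx string, msg []byte) ([]byte, error) {
	framed, err := frameWithContext(ctx, msg)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, framed), nil
}

// VerifyInContext accepts sig only if it was produced under the same ctx.
func VerifyInContext(pub ed25519.PublicKey, ctx string, msg, sig []byte) bool {
	framed, err := frameWithContext(ctx, msg)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, framed, sig)
}

// DemoResult records what happens when one long-term key is shared by two
// hypothetical protocols, "proto-A" and "proto-B" (names are assumed).
type DemoResult struct {
	PlainReplayAccepted bool // no context: a signature made for A verifies in B
	CtxOwnAccepted      bool // contexted signature verifies under its own context
	CtxReplayAccepted   bool // contexted signature replayed into B's context
}

// RunDemo signs one constructed payload with and without a context and
// reports which replays the verifier accepts.
func RunDemo() (DemoResult, error) {
	var r DemoResult
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	// Constructed sample payload: assume an attacker can get both protocols
	// to sign or verify exactly these bytes.
	msg := []byte("constructed-sample: transcript-hash=00112233")

	// Pure Ed25519 with no domain separation: the bytes A signed are exactly
	// the bytes B verifies, so B accepts A's signature.
	sigPlain := ed25519.Sign(priv, msg)
	r.PlainReplayAccepted = ed25519.Verify(pub, msg, sigPlain)

	// Same key, context applied above the crypto API.
	sigA, err := SignInContext(priv, "proto-A", msg)
	if err != nil {
		return r, err
	}
	r.CtxOwnAccepted = VerifyInContext(pub, "proto-A", msg, sigA)
	r.CtxReplayAccepted = VerifyInContext(pub, "proto-B", msg, sigA)
	return r, nil
}

func main() {
	r, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Running it prints `{PlainReplayAccepted:true CtxOwnAccepted:true CtxReplayAccepted:false}`. The framing does at the application layer what RFC 8032's Ed25519ctx does inside the primitive; the practical difference the thread is about is that this version needs no change to an existing `Sign(key, msg)` / `Verify(key, msg, sig)` API, but every protocol that shares a key must agree to frame the same way, which is exactly the per-protocol decision the quoted message wants to avoid repeating.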