Re: [CFRG] IRTF Chair review of draft-irtf-cfrg-vrf-12
Leonid Reyzin <reyzin@cs.bu.edu> Wed, 15 June 2022 20:22 UTC
Return-Path: <leonid.reyzin@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDC5BC14F72E; Wed, 15 Jun 2022 13:22:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.408
X-Spam-Level:
X-Spam-Status: No, score=-6.408 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O75XhP-y-1IS; Wed, 15 Jun 2022 13:22:25 -0700 (PDT)
Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com [209.85.208.47]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48C44C159481; Wed, 15 Jun 2022 13:22:25 -0700 (PDT)
Received: by mail-ed1-f47.google.com with SMTP id n28so17797321edb.9; Wed, 15 Jun 2022 13:22:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BFvWKotG52J2fgHeAlD5fdzuTdqxRPfpcwUMOe/v2D0=; b=bG+cLIjVBa+ocB+/sayWrdb/1TFQ42oWUUE6vO+PtUppy2QUEs6zWfp8n5fs4cwPSo d4xPgbjz0hI0sRrvNfeN/maF3eIOcF5GGRjQB/A/H8fq3ymZ4hwgUjCSOpDlgnKYnfXs 8CPacoF/mfCM5D2uW6CZXgfl/MML7RNpVZTN7z9iLipUTcHwW0W6xyY8E/YuZOfyGARJ h0g62KE/FCgNcIV8Z//6cZYEHTdjIZh2zvK5ZxYdin4sAgGidwjeC2UIGkzm+wBPAHem 3H4RsUctT0Kc0m2acp8QBgGaY1CBtHrNlRZavA93ppePJRKQEZQM4DhO4LUbhf7wLnGG onuQ==
X-Gm-Message-State: AJIora/3S8+lrtkADnJk8DXnF1LegPlBE6Z4VcdrbGLAZl7eB/BzVgNe HSkWjYqRCDp6Cb/xs2hJX573/azBNoWDXrPyRKq92nPMgDA=
X-Google-Smtp-Source: AGRyM1vpcHtVHx3eh3AVxg7L/ULOEdnM3AxoRRCmpkr2n1065fyAlg7vWvss/xuB5bJCKfZv0cqC5lHJ5GCo1vGbKDY=
X-Received: by 2002:a50:ee9a:0:b0:42d:cdf4:9501 with SMTP id f26-20020a50ee9a000000b0042dcdf49501mr1986252edr.226.1655324543655; Wed, 15 Jun 2022 13:22:23 -0700 (PDT)
MIME-Version: 1.0
References: <527361AC-2443-41B0-B74C-8534D816CCC2@csperkins.org>
In-Reply-To: <527361AC-2443-41B0-B74C-8534D816CCC2@csperkins.org>
From: Leonid Reyzin <reyzin@cs.bu.edu>
Date: Wed, 15 Jun 2022 16:21:56 -0400
Message-ID: <CAHZ6D0v5NtY__Ymuj42osPDFVoPhc8xjy=+OTG3DK-gCYSTSkg@mail.gmail.com>
To: Colin Perkins <csp@csperkins.org>
Cc: draft-irtf-cfrg-vrf@ietf.org, cfrg@ietf.org
Content-Type: multipart/alternative; boundary="00000000000069a2e405e18247a0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/5JXwyzEqpqRECIppRDX21Qejwqw>
Subject: Re: [CFRG] IRTF Chair review of draft-irtf-cfrg-vrf-12
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2022 20:22:29 -0000
Dear Colin, Thank you for your feedback. We addressed all your comments. Specifically, for Section 5.4.5, we explained that this algorithm MAY be used, and added a considerable amount of rationale for its design, including the rationale for the choice of bad_y2. For deciding which algorithm to use, we added a paragraph to Section 1 that points to security differences among the algorithms as addressed in Sections 3 and 7. As far as the test vectors, the entire section is generated directly by the reference implementation, which directly outputs xml2rfc version 3. The reference implementation itself has been extensively debugged and tested against other implementations of relevant components. We uploaded the new version (-13) to https://datatracker.ietf.org/doc/draft-irtf-cfrg-vrf/ Finally, regarding IPR disclosures, we are not aware of any IPR claims. Thanks for your work, Leo On Wed, Jun 15, 2022 at 9:28 AM Colin Perkins <csp@csperkins.org> wrote: > The CFRG chairs have requested that draft-irtf-cfrg-vrf-12 be published as > an RFC on the IRTF stream. The IRTF publication process is described in RFC > 5743, and comprises a review by the IRSG to ensure technical and editorial > quality, followed by a check by the IESG to ensure the work does not > conflict with IETF standards activities. > > As IRTF Chair, I perform an initial review of all drafts submitted for > publication on the IRTF stream before sending them for detailed review by > the IRSG. This note provides my review comments, for discussion. > > Authors, please can you also respond to this message to confirm that all > necessary IPR disclosures, as described on https://irtf.org/policies/ipr, > have been made? > > Result: Almost Ready > > RFC 5743 compliance: The draft follows the guidelines in RFC 5743 > > Comments: > > Thank you for preparing this draft. On the whole, I found it clearly > written and easy to follow. I have some minor questions for clarification, > and a couple of nits to address: > > - > > Nit: I suggest to remove the §1.1 sub-heading, and to move the > sentence “This document represents the consensus of the Crypto Forum > Research Group (CFRG)” to follow the two paragraphs that currently comprise > Section 1.1. > - > > Nit: RFC 8174 updates RFC 2119 and suggests a slightly different > phrasing for the key words section. Suggest updating to use that reference > instead of RFC 2119. > - > > Section 5.4.5 defines bad_y2 = > 2707385501144840649318225287225658788936804267575313519463743609750303402022. > It’s not clear why this particular value was chosen. The discussion at the > end of the section hints at an answer, but I wonder if it should be more > specific? > - > > Section 5.4.5 says “For example, the following algorithm may be > used…”. This seems imprecise. How important is the choice of algorithm? > - > > As a general point, I found that the draft clearly describes the > algorithms to be used, but was less clear in describing when to use each of > them, and what are the trade-offs between the different choices. It may be > worth expanding the Introduction a little to outline applicability of the > different options. > - > > The appendix contains extensive test vectors. Has there been some test > performed to compare these with known-correct outputs, to make sure no > typos have been introduced when preparing the draft? > > Colin Perkins > IRTF Chair >
- [CFRG] IRTF Chair review of draft-irtf-cfrg-vrf-12 Colin Perkins
- Re: [CFRG] IRTF Chair review of draft-irtf-cfrg-v… Leonid Reyzin
- Re: [CFRG] IRTF Chair review of draft-irtf-cfrg-v… Colin Perkins