Re: [Cfrg] Fwd: Rev RFC 7539?

John Mattsson <john.mattsson@ericsson.com> Wed, 18 January 2017 15:39 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>, Yoav Nir <ynir.ietf@gmail.com>, IRTF CFRG <cfrg@irtf.org>
Date: Wed, 18 Jan 2017 15:39:10 +0000
Message-ID: <D4A549E8.581FE%john.mattsson@ericsson.com>
References: <46ECD4D0-07BB-4082-82AC-4B2AE656AE09@gmail.com> <A57288FC-C629-472F-8394-DB58C45EEC25@gmail.com> <D4A3AE19.7E167%kenny.paterson@rhul.ac.uk>
In-Reply-To: <D4A3AE19.7E167%kenny.paterson@rhul.ac.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/5kGosrJWXCY6SHar8BrW3BfCc4s>

Hi,

Looks good.


Some comments:

- "RFC 7539, The predecessor of this document, did not introduce any new
   crypto, but was meant to serve as a stable reference and an
   implementation guide.  It was a product of the Crypto Forum Research
   Group (CFRG).  This document merges the errata filed against RFC 7539
   and adds a little text to the Security Considerations section."


   I think "did not introduce new crypto" is wrong (nonce length,
   counter length, key derivation, AEAD, etc.). I think the paragraph
   can be shortened to something like:

   "This document merges the errata filed against RFC 7539
    and adds a little text to the Security Considerations section."

- ChaCha20-Poly1305 has several good properties that the draft does not
mention. I think the draft should mention that ChaCha20-Poly1305 is Online
and Parallelizable.

- I think the discussions on TLS, IPsec and PRF distract and would be
better in a separate section or appendix.


More editorial comments:

- OLD: "RFC 7539, The"
  NEW: "RFC 7539, the"

- The following sentences I think should have references:

- OLD "They have been defined in scientific papers by D. J. Bernstein,
       which are referenced by this document"
  NEW "They have been defined in scientific papers by D. J.
       Bernstein [X][Y]"

- OLD "This follows the use of these terms in Professor Bernstein's
       paper."
  NEW "This follows the use of these terms in Professor Bernstein's
       paper [X]."


- "QUARTERROUND ( 3, 4, 9,14)"
  Spacing around functions is inconsistent (several places).


-       chacha20_block(key, counter, nonce):
         state = constants | key | counter | nonce
         working_state = state
         for i=1 upto 10
            inner_block(working_state)
            end
         state += working_state
         return serialize(state)
         end

  I suggest changing to:

        chacha20_block(key, counter, nonce):
         state = constants | key | counter | nonce
         initial_state = state
         for i=1 upto 10
            inner_block(state)
            end
         state += initial_state
         return serialize(state)
         end

  This aligns with the text and makes the state parameter actually be the state.

- "ChaCha20 block operation" vs "ChaCha20 block operation was applied"
  The two bullets have different text.

  
- "the key"
  Which key?

- OLD "to generate the one-time Poly1305 pseudorandomly"
  NEW "to generate the one-time Poly1305 key pseudorandomly"

- "64-bit cipher" "128-bit cipher" "256-bit cipher"
  Could mention that this is the block size (not the key size).

Cheers,


John
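The block-function pseudocode discussed in this message, written out as runnable Python with the variable naming John suggests (the working copy is `state`, the saved copy is `initial_state`). This is an added example for readers of the archive, not code from the draft or from any of the thread's participants; the quarter-round indices, constants and the test vector (key 00..1f, nonce 00:00:00:09:00:00:00:4a:00:00:00:00, counter 1) are those of RFC 7539 sections 2.1 to 2.3.2.

```python
"""ChaCha20 block function (RFC 7539 section 2.3), structured like the
pseudocode in the thread: state = constants | key | counter | nonce,
ten double rounds applied in place, then the initial state is added back
and the result serialized. Example code, not the draft's own."""
import struct

MASK32 = 0xFFFFFFFF
# "expand 32-byte k" as four little-endian 32-bit words (RFC 7539 2.3)
CONSTANTS = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)


def rotl32(v, n):
    # 32-bit left rotation
    return ((v << n) & MASK32) | (v >> (32 - n))


def quarter_round(s, a, b, c, d):
    # In-place ChaCha quarter round on state words a, b, c, d (RFC 7539 2.1)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = rotl32(s[b] ^ s[c], 7)


def inner_block(s):
    # One double round: four column rounds followed by four diagonal rounds
    quarter_round(s, 0, 4, 8, 12)
    quarter_round(s, 1, 5, 9, 13)
    quarter_round(s, 2, 6, 10, 14)
    quarter_round(s, 3, 7, 11, 15)
    quarter_round(s, 0, 5, 10, 15)
    quarter_round(s, 1, 6, 11, 12)
    quarter_round(s, 2, 7, 8, 13)
    quarter_round(s, 3, 4, 9, 14)


def chacha20_block(key, counter, nonce):
    """Return the 64-byte keystream block for a 32-byte key, a 32-bit block
    counter and a 12-byte nonce (the RFC 7539 parameter sizes)."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("ChaCha20 needs a 32-byte key and a 12-byte nonce")
    # state = constants | key | counter | nonce, as little-endian 32-bit words
    state = list(CONSTANTS)
    state += struct.unpack("<8L", key)
    state.append(counter & MASK32)
    state += struct.unpack("<3L", nonce)
    initial_state = list(state)      # saved copy, as in the suggested pseudocode
    for _ in range(10):
        inner_block(state)           # 10 double rounds = 20 rounds, in place
    state = [(s + i) & MASK32 for s, i in zip(state, initial_state)]
    return struct.pack("<16L", *state)  # serialize(state)


# Block-function test vector from RFC 7539 section 2.3.2
RFC7539_KEY = bytes(range(32))
RFC7539_NONCE = bytes.fromhex("000000090000004a00000000")
RFC7539_COUNTER = 1
RFC7539_EXPECTED = bytes.fromhex(
    "10f1e7e4d13b5915500fdd1fa32071c4"
    "c7d1f4c733c068030422aa9ac3d46c4e"
    "d2826446079faa0914c2d705d98b02a2"
    "b5129cd1de164eb9cbd083e8a2503c4e")


def check_rfc7539_vector():
    # True when the implementation reproduces the RFC's serialized block
    return chacha20_block(RFC7539_KEY, RFC7539_COUNTER, RFC7539_NONCE) == RFC7539_EXPECTED


if __name__ == "__main__":
    print("RFC 7539 2.3.2 block vector:", "OK" if check_rfc7539_vector() else "MISMATCH")
```

Running the file checks the implementation against the RFC's own block-function vector; the in-place `inner_block(state)` plus `initial_state` naming is the form proposed in the message, and it is behaviourally identical to the draft's `working_state` version.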

On 2017-01-17, 12:21, "Cfrg on behalf of Paterson, Kenny"
<cfrg-bounces@irtf.org on behalf of Kenny.Paterson@rhul.ac.uk> wrote:

>Dear Yoav,
>
>Thanks for your work on this. Alexey and I are asking the CFRG review
>panel to take a look at the revised document.
>
>And if anyone else from the CFRG wants to take a look at the document and
>provide comments, that would be great.
>
>Cheers,
>
>Kenny
>
>
>On 12/01/2017 06:24, "Cfrg on behalf of Yoav Nir" <cfrg-bounces@irtf.org
>on behalf of ynir.ietf@gmail.com> wrote:
>
>>Reminder.
>>
>>
>>Is there interest in pushing this forward?
>>
>>
>>Yoav
>>
>>
>>Begin forwarded message:
>>
>>From: Yoav Nir <ynir.ietf@gmail.com>
>>
>>Subject: Re: [Cfrg] Rev RFC 7539?
>>
>>Date: 16 November 2016 at 9:09:11 GMT+2
>>
>>To: Sean Turner <sean@sn3rd.com>
>>
>>Cc: IRTF CFRG <cfrg@irtf.org>
>>
>>
>>Cycles found.
>>
>>
>>Attached please find two files:
>>  1. rfc7539_long.txt is RFC 7539 with page breaks and page numbers
>>     removed.
>>  2. draft-nir-cfrg-rfc7539bis-00.raw.txt is the unpaginated form of
>>     the new draft.
>>
>>
>>Couldn’t do much about the boilerplate, but this makes it easy to
>>compare.
>>
>>
>>Yoav