Re: [Cfrg] Fwd: Rev RFC 7539?
John Mattsson <john.mattsson@ericsson.com> Wed, 18 January 2017 15:39 UTC
From: John Mattsson <john.mattsson@ericsson.com>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>, Yoav Nir <ynir.ietf@gmail.com>, IRTF CFRG <cfrg@irtf.org>
Date: Wed, 18 Jan 2017 15:39:10 +0000
Message-ID: <D4A549E8.581FE%john.mattsson@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/5kGosrJWXCY6SHar8BrW3BfCc4s>
Hi,

Looks good. Some comments:

- "RFC 7539, The predecessor of this document, did not introduce any new crypto, but was meant to serve as a stable reference and an implementation guide. It was a product of the Crypto Forum Research Group (CFRG). This document merges the errata filed against RFC 7539 and adds a little text to the Security Considerations section."

  I think "did not introduce new crypto" is wrong (nonce length, counter length, key derivation, AEAD etc.). I think the paragraph can be shortened to something like:

  "This document merges the errata filed against RFC 7539 and adds a little text to the Security Considerations section."

- ChaCha20-Poly1305 has several good properties that the draft does not mention. I think the draft should mention that ChaCha20-Poly1305 is Online and Parallelizable.

- I think the discussions on TLS, IPsec and PRF distract and would be better in a separate section or appendix.

More editorial comments:

- OLD: "RFC 7539, The"
  NEW: "RFC 7539, the"

- The following sentences I think should have references:

  - OLD: "They have been defined in scientific papers by D. J. Bernstein, which are referenced by this document"
    NEW: "They have been defined in scientific papers by D. J. Bernstein [X][Y]"

  - OLD: "This follows the use of these terms in Professor Bernstein's paper."
    NEW: "This follows the use of these terms in Professor Bernstein's paper [X]."

- "QUARTERROUND ( 3, 4, 9,14)"
  Spacing around functions is inconsistent (several places).

- chacha20_block(key, counter, nonce):
     state = constants | key | counter | nonce
     working_state = state
     for i=1 upto 10
        inner_block(working_state)
        end
     state += working_state
     return serialize(state)
     end

  I suggest changing to:

  chacha20_block(key, counter, nonce):
     state = constants | key | counter | nonce
     initial_state = state
     for i=1 upto 10
        inner_block(state)
        end
     state += initial_state
     return serialize(state)
     end

  This aligns with the text and makes the state parameter actually be the state.

- "ChaCha20 block operation" vs "ChaCha20 block operation was applied"
  The two bullets have different text.

- "the key"
  Which key?

- OLD: "to generate the one-time Poly1305 pseudorandomly"
  NEW: "to generate the one-time Poly1305 key pseudorandomly"

- "64-bit cipher" "128-bit cipher" "256-bit cipher"
  Could mention that this is block size (not key size).

Cheers,
John

On 2017-01-17, 12:21, "Cfrg on behalf of Paterson, Kenny" <cfrg-bounces@irtf.org on behalf of Kenny.Paterson@rhul.ac.uk> wrote:

>Dear Yoav,
>
>Thanks for your work on this. Alexey and I are asking the CFRG review
>panel to take a look at the revised document.
>
>And if anyone else from the CFRG wants to take a look at the document and
>provide comments, that would be great.
>
>Cheers,
>
>Kenny
>
>
>On 12/01/2017 06:24, "Cfrg on behalf of Yoav Nir" <cfrg-bounces@irtf.org
>on behalf of ynir.ietf@gmail.com> wrote:
>
>>Reminder.
>>
>>Is there interest in pushing this forward?
>>
>>Yoav
>>
>>Begin forwarded message:
>>
>>From: Yoav Nir <ynir.ietf@gmail.com>
>>Subject: Re: [Cfrg] Rev RFC 7539?
>>Date: 16 November 2016 at 9:09:11 GMT+2
>>To: Sean Turner <sean@sn3rd.com>
>>Cc: IRTF CFRG <cfrg@irtf.org>
>>
>>Cycles found.
>>
>>Attached please find two files:
>> 1. rfc7539_long.txt is RFC 7539 with page breaks and page numbers
>>removed.
>> 2. draft-nir-cfrg-rfc7539bis-00.raw.txt
>> is the unpaginated form of the new draft.
>>
>>Couldn't do much about the boilerplate, but this makes it easy to
>>compare.
>>
>>Yoav
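John's chacha20_block suggestion is editorial rather than a correction: RFC 7539's wording mixes a copy (working_state) and adds it to the untouched state, his mixes state and adds initial_state back, and both produce the same block. The Python below is an added example, not code from the mail, the draft or the RFC; it implements both wordings over RFC 7539's quarter round and double round and carries the section 2.3.2 block test vector (key 00..1f, nonce 00:00:00:09:00:00:00:4a:00:00:00:00, block count 1) so either wording can be checked against it.

```python
import struct

MASK32 = 0xffffffff
CONSTANTS = (0x61707865, 0x3320646e, 0x79622d32, 0x6b206574)  # "expand 32-byte k"

def _rotl32(v, c):
    return ((v << c) & MASK32) | (v >> (32 - c))

def quarter_round(s, a, b, c, d):
    # QUARTERROUND(a, b, c, d) of RFC 7539 section 2.1, in place on 32-bit words
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 7)

def inner_block(s):
    # one double round: four column quarter rounds, then four diagonal ones
    for qr in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
               (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
        quarter_round(s, *qr)

def build_state(key, counter, nonce):
    # state = constants | key | counter | nonce, as 16 little-endian 32-bit words
    return (list(CONSTANTS) + list(struct.unpack('<8L', key))
            + [counter & MASK32] + list(struct.unpack('<3L', nonce)))

def chacha20_block(key, counter, nonce):
    # John's wording: 'state' is mixed in place, then 'initial_state' is added back
    state = build_state(key, counter, nonce)
    initial_state = list(state)
    for _ in range(10):
        inner_block(state)
    state = [(x + y) & MASK32 for x, y in zip(state, initial_state)]
    return struct.pack('<16L', *state)  # serialize(state)

def chacha20_block_rfc7539_wording(key, counter, nonce):
    # RFC 7539's wording: a copy 'working_state' is mixed and added to the untouched 'state'
    state = build_state(key, counter, nonce)
    working_state = list(state)
    for _ in range(10):
        inner_block(working_state)
    state = [(x + y) & MASK32 for x, y in zip(state, working_state)]
    return struct.pack('<16L', *state)

# Block test vector from RFC 7539 section 2.3.2 (key 00..1f, nonce 00:00:00:09:00:00:00:4a:00:00:00:00, count 1)
RFC7539_KEY, RFC7539_NONCE, RFC7539_COUNT = bytes(range(32)), bytes.fromhex("000000090000004a00000000"), 1
RFC7539_BLOCK = bytes.fromhex("10f1e7e4d13b5915500fdd1fa32071c4c7d1f4c733c068030422aa9ac3d46c4e"
                              "d2826446079faa0914c2d705d98b02a2b5129cd1de164eb9cbd083e8a2503c4e")
```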