Re: [Cfrg] draft-atkins-suit-cose-walnutdsa on the Independent Stream
Eric Rescorla <ekr@rtfm.com> Mon, 20 January 2020 13:31 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24939120121 for <cfrg@ietfa.amsl.com>; Mon, 20 Jan 2020 05:31:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPUG5ZewpuOp for <cfrg@ietfa.amsl.com>; Mon, 20 Jan 2020 05:31:10 -0800 (PST)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2617E12011C for <cfrg@irtf.org>; Mon, 20 Jan 2020 05:31:10 -0800 (PST)
Received: by mail-lf1-x12b.google.com with SMTP id y19so24062777lfl.9 for <cfrg@irtf.org>; Mon, 20 Jan 2020 05:31:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GLqbt2W8s/Eu2IyFUyclVVqQdlclv9a5SBfXIV30LQo=; b=YmJG8WRgEBYzdwr1YxoqgUttqQX9WTK7kw4x5HFgpy8FAM0z8kJ+f8upPjH6R7QKrD HB9Z39YG3K1XaiOSQnOuekgcD0jaM6RbnG06CEI51owOv14DmKbb5U69109CnkJrLDub 1iUk+CupnrDaAQ5cJ/cub7m3gljS6SofNn9f88HY7OKxxwcTUUyaJPJbFI31I0Xph9nu oL2fv8kHynr9f+Dam5Fk9dxZ7/RgQUPvTZpxynSh3KqCIuvmbWGeZ/ES3OXUPM9rHzpd yZ5wqpIOZLTla1KsN6ZTOuXn8HhMJDywiNI3Uo9u0O/+m6FPGBm2ENYHjHhduPeKOALr E/Dg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GLqbt2W8s/Eu2IyFUyclVVqQdlclv9a5SBfXIV30LQo=; b=mHgCzjcRSNk7rUIbDqsaHgdFo7/uo7++QEoKKodwpBK6AvgETwudZJKHkIIVwyeKFd vDHGnGfJjjIGyQSoasPVWHKApGwWad1SHQrIwNaIoiGDWAotU8u3zbibW3hEe69FLkjT 6NunpmIQu/7KQQm15eMXtF6UXQWfjDXyolEbWc7rAGUDzGkEqvvhZy0eZj4U2dpdE/Qg +elydKcRNw8JNq9psoUuwUNAxYcwYHanjbllfUhj4/gXtiuv+WHdl22US6PxOO0Rnx1c 84wIyfsgNyDazYS3BXTndIUSTftUQnnmhRoyCcKZVMutWBzoPTkko7wLGdl+cMGb4uJI c2LQ==
X-Gm-Message-State: APjAAAULM3s47kQ0WlkUGpwqRqpvluu9X0EUt2HoJ0tqTvbwRsJihxRt d98lP2f5T40eZWONHnLmeQAF47BmxkLvVF+jZfM+e/dxmcE=
X-Google-Smtp-Source: APXvYqykFasVz0l3XUzbJ6mZLFuv49rc2AqUFmFSwDzIkwpqhyf69nhWwK5G9sL+RjH1CajVjnqLVNDBaEFHfZ2eK9U=
X-Received: by 2002:a05:6512:284:: with SMTP id j4mr13223602lfp.109.1579527068350; Mon, 20 Jan 2020 05:31:08 -0800 (PST)
MIME-Version: 1.0
References: <087819e292adcd619684ac745a8a243f.squirrel@www.rfc-editor.org> <5F28BE43-1AB5-4CA6-9435-BB841778EBD8@inf.ethz.ch> <c7f97345-f272-4bb6-abed-beaa23814592@www.fastmail.com>
In-Reply-To: <c7f97345-f272-4bb6-abed-beaa23814592@www.fastmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 20 Jan 2020 05:30:32 -0800
Message-ID: <CABcZeBMEZxZnxuk=0YYk85SGCZNRMJ3nbURP459WUUtSJL3_2Q@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: cfrg <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="000000000000d28dd2059c924d6f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/8IFFkaQesxlO7-EPrwd6RWSmsWM>
Subject: Re: [Cfrg] draft-atkins-suit-cose-walnutdsa on the Independent Stream
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jan 2020 13:31:16 -0000
Thanks for the summary, Martin. IMO it is harmful to the Internet for the ISE to publish RFCs containing cryptographic algorithms that have not gathered widespread use or analysis. It just creates confusion in an area where confusion is quite harmful. -Ekr On Sun, Jan 19, 2020 at 8:28 PM Martin Thomson <mt@lowentropy.net> wrote: > As a matter of formality, publication on the Independent Submissions > Stream wouldn't constitute a blessing by the CFRG, the IETF, or anyone > aside. The only blessing comes from from maybe the ISE within the bounds > of that stream. > > Let's say that this is "bad crypto" in the sense that it isn't > demonstrably good. It is the purpose of the Independent Submissions Stream > to occasionally publish dissenting views where the ISE believes that there > is sufficient benefit from doing so. So the question we might ask is: is > there any benefit to having this particular mechanism documented? > > If this were widely-deployed not-good crypto, that might change the > situation, but the potential for harm in terms of misunderstanding the > status of the mechanism seems significant enough to argue for not > publishing even then. In my view. But, as ISE, that is Adrian's choice > and Adrian's choice alone. > > I don't particularly like this situation, but that is the price the IETF > community previously decided to pay in return for having an outlet for > dissenting opinions on its proceedings and outputs. It's also a very > divisive issue where there is not universal agreement about either the > value of the outlet or the constraints under which it operates. > > On Mon, Jan 20, 2020, at 09:25, Paterson Kenneth wrote: > > Hi Adrian, > > > > I'm no longer a CFRG chair so I can say exactly what I think now :-) > > > > I don't think CFRG should "bless" any draft concerning the WalnutDSA > > scheme. Notably, this algorithm did not pass to the second round in the > > NIST competition due to the significant cryptanalysis that it suffered > > from prior to and in the early stages of the competition. > > > > It may be that the proposers of this algorithm are able to avoid all > > currently known attacks by setting parameters carefully, and through > > extensive modifications to the scheme. But the scheme's history does > > not inspire confidence. Moreover, my strong sense is that serious > > cryptanalysts have stopped working on it simply because it did not pass > > to the second round (put another way, they successfully killed it in > > the first round). > > > > Best wishes, > > > > Kenny > > > > > > -- > > Kenny Paterson > > Applied Cryptography Group > > > > ETH Zurich, Computer Science Dept. > > Universitätstrasse 6, CNB E 104.2 > > CH-8092 Zurich > > > > tel. +41 44 632 32 52 > > www.appliedcrypto.ethz.ch > > > > -----Original Message----- > > From: Cfrg <cfrg-bounces@irtf.org> on behalf of "RFC ISE (Adrian > > Farrel)" <rfc-ise@rfc-editor.org> > > Reply to: "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org> > > Date: Sunday, 19 January 2020 at 22:55 > > To: "cfrg@irtf.org" <cfrg@irtf.org> > > Cc: "draft-atkins-suit-cose-walnutdsa@ietf.org" > > <draft-atkins-suit-cose-walnutdsa@ietf.org>, Adrian Farrel > > <rfc-ise@rfc-editor.org> > > Subject: [Cfrg] draft-atkins-suit-cose-walnutdsa on the Independent > > Stream > > > > Hi CFRG, > > > > Derek Atkins has presented draft-atkins-suit-cose-walnutdsa to me for > > publication as an Independent Submission Informational RFC. > > > > I think this is the sort of draft that would benefit from the CFRG's > > wisdom and would appreciate any reviews or guidance that you're able > to > > give. > > > > The latest version of the draft can be found at > > https://datatracker.ietf.org/doc/draft-atkins-suit-cose-walnutdsa/ > > > > If you could cc me on any discussions (or send them off list) that > would > > be helpful. > > > > Many thanks, > > Adrian > > -- > > Adrian Farrel (ISE), > > rfc-ise@rfc-editor.org > > > > _______________________________________________ > > Cfrg mailing list > > Cfrg@irtf.org > > https://www.irtf.org/mailman/listinfo/cfrg > > > > > > _______________________________________________ > > Cfrg mailing list > > Cfrg@irtf.org > > https://www.irtf.org/mailman/listinfo/cfrg > > > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg >
- [Cfrg] draft-atkins-suit-cose-walnutdsa on the In… RFC ISE (Adrian Farrel)
- Re: [Cfrg] draft-atkins-suit-cose-walnutdsa on th… Paterson Kenneth
- Re: [Cfrg] draft-atkins-suit-cose-walnutdsa on th… Martin Thomson
- Re: [Cfrg] draft-atkins-suit-cose-walnutdsa on th… Eric Rescorla
- Re: [Cfrg] draft-atkins-suit-cose-walnutdsa on th… Stephen Farrell
- Re: [Cfrg] draft-atkins-suit-cose-walnutdsa on th… Eric Rescorla
- Re: [Cfrg] draft-atkins-suit-cose-walnutdsa on th… Derek Atkins