Re: [Cfrg] would it be a good idea for CFRG to try review algorithm documents?

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 10 December 2015 09:58 UTC

To: Yoav Nir <ynir.ietf@gmail.com>
References: <5668D26F.2020200@cs.tcd.ie> <5668D7A3.1070103@cs.tcd.ie> <A03EFDDF-DDA7-49E0-B0F4-64B50D0BB8EF@gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <56694CB0.4020503@cs.tcd.ie>
Date: Thu, 10 Dec 2015 09:58:08 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <A03EFDDF-DDA7-49E0-B0F4-64B50D0BB8EF@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/BBB4Th6u_kZTtJICjJ0y2P3UQGc>
Cc: "cfrg@irtf.org" <Cfrg@irtf.org>, Nevil Brownlee <rfc-ise@rfc-editor.org>
Subject: Re: [Cfrg] would it be a good idea for CFRG to try review algorithm documents?

Hiya,

On 10/12/15 09:25, Yoav Nir wrote:
> Hi, Stephen.
> 
>> On 10 Dec 2015, at 3:38 AM, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie> wrote:
>> 
>> 
>> But as a non-cryptographer, I'd be happier if in future things like
>> this (or non-national "vanity" algorithm descriptions) had gotten
>> some review from CFRG, however I'm not sure if folks here would be
>> generally willing to do that kind of review.
> 
> The kind of review you might get in an IETF WG or in an IRTF RG is
> somewhere between a few hours and a few days of work from several
> people.
> 
> That is likely enough to review some vanity crypto that someone
> thought up all by himself (example: [1]). It is not enough for a full
> analysis of cryptography that actually works. The draft you are
> talking about is GOST crypto. GOST has a team of good cryptographers
> working full-time on these algorithms. I doubt a cursory review by
> this list could find any new weaknesses. We might be able to point at
> previous work published about such an algorithm, or point out that
> the block cipher uses a 64-bit block. But I don’t think it’s likely
> to find new stuff.

Agreed.

Pointing at previous work that affects how to sensibly use an
algorithm in IETF protocols, or spotting details that are badly
documented, would be what we're after here, not new cryptanalytic
results. (If someone had those, and was gonna publish, they'd
publish elsewhere for sure.)

The reason I think that could be valuable though is that I do
think there's expertise on this list that's not available in
the IETF and I'd like to avoid a situation where cryptographers
come back to us some years later saying "WTF!!? the IETF has said
how to use <foo> for <bar>, but <biffle et al> showed years ago
that that's only safe for 2^N packets and the <blah> setting
has to be <fuffle>."

I figure it's reasonably likely that the proponents of the
<foo> algorithm might omit such details, not out of
crypto-badness but just for normal human-nature reasons or
because they assume that everyone using <foo> should know
that already.

Cheers,
S.

> 
> Yoav
> 
> [1] http://www.ietf.org/mail-archive/web/cfrg/current/msg06805.html
>