[Cfrg] Dragonfly has advantages -> was Re: Requesting removal of CFRG co-chair

Paul Lambert <paul@marvell.com> Sat, 04 January 2014 10:53 UTC

Return-Path: <paul@marvell.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 7BD201ADE85 for <cfrg@ietfa.amsl.com>; Sat, 4 Jan 2014 02:53:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.567
X-Spam-Status: No, score=-1.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id rBsQZw3rct10 for <cfrg@ietfa.amsl.com>; Sat, 4 Jan 2014 02:53:11 -0800 (PST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com []) by ietfa.amsl.com (Postfix) with ESMTP id 1B3B61ADDD0 for <cfrg@irtf.org>; Sat, 4 Jan 2014 02:53:10 -0800 (PST)
Received: from pps.filterd (m0045851.ppops.net []) by mx0b-0016f401.pphosted.com (8.14.5/8.14.5) with SMTP id s04Ar2UM027348; Sat, 4 Jan 2014 02:53:02 -0800
Received: from sc-owa01.marvell.com ([]) by mx0b-0016f401.pphosted.com with ESMTP id 1h566d7vfx-10 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Sat, 04 Jan 2014 02:53:01 -0800
Received: from SC-vEXCH2.marvell.com ([]) by SC-OWA01.marvell.com ([]) with mapi; Sat, 4 Jan 2014 02:52:54 -0800
From: Paul Lambert <paul@marvell.com>
To: Trevor Perrin <trevp@trevp.net>, David McGrew <mcgrew@cisco.com>
Date: Sat, 04 Jan 2014 02:52:52 -0800
Thread-Topic: Dragonfly has advantages -> was Re: [Cfrg] Requesting removal of CFRG co-chair
Thread-Index: Ac8JOx4o7pd4QgrnSfm10tWR1siLig==
Message-ID: <CEED247E.2B845%paul@marvell.com>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
acceptlanguage: en-US
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.87, 1.0.14, 0.0.0000 definitions=2014-01-04_01:2014-01-03, 2014-01-04, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1401040027
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: [Cfrg] Dragonfly has advantages -> was Re: Requesting removal of CFRG co-chair
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jan 2014 10:53:12 -0000

On 1/3/14, 6:43 PM, "Trevor Perrin" <trevp@trevp.net> wrote:


>But there's a bigger picture:  Regardless of timing attacks, Dragonfly
>is inferior to alternatives already standardized

No. The Dragonfly proposal was submitted by Dan as an IPR free
This has considerable value and makes it implementable in consumer

It is also closely related to other work adopted in commercial sytems and
should be pursued as an RFC to ensure it¹s continued vetting.

The discussion has resulted in mitigating risks.  To date I have not seen
any indication that the protocol is Œbroken¹.

I agree that it has more complexity and message exchanges that other
approaches.  These other protocols have NOT been viable to ship in the
products I build.

>or found in the
Please write an RFC then.

>This opinion was well-expressed on the TLS and CFRG mailing lists when
>Dragonfly was proposed.  This opinion was probably shared by many more
>people than expressed it (like me),

I believe that you have expressed your opinion 12 to 15 times on this
list about Dragonfly based on comments and analysis made by other
knowledgeable individuals.

Please let others speak for themselves.


> and was never adequately
>addressed.  By Dec 2012, I assume most people had tuned-out a
>discussion about an non-useful protocol that was proceeding without
>regard to group opinion.
>Cfrg mailing list