Re: [CFRG] Adoption Call: Guidelines for Writing Cryptography Specifications

Kai Mindermann <kai.mindermann@ic-consult.com> Tue, 13 June 2023 12:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/EKTCYRkFoJ_yCM36ePT2ZYgUz1c>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

Hi,

I like the idea and the approach! Thanks and already looking forward to the next draft 😊

Here are my first thoughts on it:

  *   Many of the guidelines/tips are very high-level and general and good! Yet, they lack concrete dos and don’ts like examples. (Yes, there is an overall example of ONE good RFC and ONE not so good one 😉)
  *   Also, the structuring is a lot of text. Bullet points for things to DO and things NOT to do would make it faster to go through or copy paste into a new draft as TODO items, like a checklist
  *   In general the tips are useful but can be more useful if they don’t leave decisions to think about:
     *   E.g. “Establish a consistent terminology: Develop a clear and consistent set of terms and definitions that will be used throughout the document.”
     *   =>
     *   Use terms exactly with the meaning defined in: RFC4949 and (etc, other standards that defined terminology). Only define a term differently if you absolutely need to.
  *   One of the biggest obstacles for implementation is the parameter choices. I’d like to see a section in every crypto algorithm RFC devoted to only that. Like what are the input parameters and how do I choose them. Especially providing reasonable default sets of parameters. (As it’s especially difficult to understand the relation and influences of one parameter choice on the others).
  *   This also leads to specifying the corresponding standardized algorithm and parameter identifiers like for example for CBOR, TLS etc. Like there shouldn’t be a separate specification for adding those sets to an IANA registry after the fact, it should be included right with the algorithm description. Experts can still choose what they want, but this would make implementation much easier and more secure from the source of this algorithm, the specification. Preventing all the other blog posts and “documentation” that will get the combination/choice of parameters wrong.

CBOR Object Signing and Encryption (COSE)<https://www.iana.org/assignments/cose/cose.xhtml>

AEAD Algorithms<https://www.iana.org/assignments/aead-parameters/aead-parameters.xhtml>

Named Information Hash Registry<https://www.iana.org/assignments/named-information/named-information.xhtml#hash-alg>

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4



  *   Maybe a single registry would be nice, but not achievable because of the different use cases….
  *   Maybe a template for a cryptography RFC would be a separate output of work on this RFC 😊

A hint to the authors, you can have a look for more concrete formulations of previous ideas in the draft for the Secure Crypto Config: https://datatracker.ietf.org/doc/draft-kaimindermann-securecryptoconfig/

[RFC4949]
Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, <https://www.rfc-editor.org/info/rfc4949>


Best regards
Kai Mindermann


From: CFRG <cfrg-bounces@irtf.org> On Behalf Of Stanislav V. Smyshlyaev
Sent: Friday, 2 June 2023 07:14
To: <cfrg@ietf.org> <cfrg@ietf.org>
Cc: cfrg-chairs@ietf.org
Subject: [CFRG] Adoption Call: Guidelines for Writing Cryptography Specifications

Dear CFRG participants,

This message is starting a 3-week adoption call on the "Guidelines for Writing Cryptography Specifications" draft, draft-sullivan-cryptography-specification-00 (https://datatracker.ietf.org/doc/draft-sullivan-cryptography-specification/), that will end on June 23rd 2023.

Please send your feedback in reply to this email or directly to CFRG chairs <cfrg-chairs@ietf.org>.

Best regards,
Stanislav (for CFRG chairs)