[Cfrg] CFRG Crypto Panel review: draft-krovetz-ocb-wideblock-00

Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 24 March 2019 17:31 UTC

To: cfrg@irtf.org, Adrian Farrel <rfc-ise@rfc-editor.org>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <cb4a382b-0ce3-2da2-7325-4a622cace6c5@gmail.com>
Date: Sun, 24 Mar 2019 19:31:36 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/EbdMGo8A-qGDUwFnv-W7lmAdDYI>

Summary: this review was taken at the request of the ISE. He asked that we pick one of:

1) this is a good idea and should be taken by CFRG
2) this is a good idea and should be published in the Independent Stream
3) this is a good idea, but needs some fixes
4) this is not a good idea and should not be published.

Unfortunately I have to pick yet another response:

5) this is NOT a good idea, but if published, it should be published by CFRG and not ISE.

Details

This is version -00 of the draft and it has had no review or discussion on the list. For all I know, my review will be the first one (although the acknowledgments seem to refer to some off-list discussions). The level of complexity and depth of the review needed IMO means that publishing in the Independent Stream would be very risky (major security risks may be lurking that would have been uncovered by more review), so I do NOT recommend to publish at the ISE.

OCB is defined in RFC 7253 (BTW, the reference in the I-D is incorrect), and this is a minor extension to it. The IPR situation was murky when RFC 7253 was published and remains murky to this day. However since OCB itself was published, and since I don't see any IPR issues that are specific to wideblock variants, I don't see IPR as a reason not to publish.

However, it is unclear to me why this draft is needed by the industry: nobody today wants blockciphers with a block size smaller than 128; and nobody (almost nobody?) uses blockciphers with a block size larger than 128. The document itself does not present any specific motivation, as in "we would like to use the X wide-block cipher because...". The cipher mentioned in the draft, RC6, is itself exotic and rarely if ever used in practice and again, it is unclear what the CFRG audience would gain by its publication.

All in all, I would strongly recommend for the ISE not to publish this document. In addition, my personal opinion is that this work would not be a good use of the CFRG energy either.