Re: [Cfrg] Fwd: [saag] possible BCP on public review being needed for standards-track crypto
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 23 March 2016 20:18 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 440D712D7DF for <cfrg@ietfa.amsl.com>; Wed, 23 Mar 2016 13:18:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Whp1y6oBKPHE for <cfrg@ietfa.amsl.com>; Wed, 23 Mar 2016 13:18:07 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A640312D836 for <Cfrg@irtf.org>; Wed, 23 Mar 2016 13:18:04 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id CD61EBE35; Wed, 23 Mar 2016 20:18:01 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ksaOc0tB9LG; Wed, 23 Mar 2016 20:18:00 +0000 (GMT)
Received: from [10.1.0.167] (host-160-196-68-109.arq1.ldn.uk.sharedband.net [109.68.196.160]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 999F1BE33; Wed, 23 Mar 2016 20:17:59 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1458764280; bh=i4Vkt3wD3LWOTYYEUF2DszPgrHBYRk+7dn2wm6oKUxM=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=3TLnUyQ1vaicHNK1C0rqMKvWQp0gd0Z5OnbL18yFmrGjOsJ7LpkOb9zvBO6MI/2Fg CV46hN/Zb6IKM4A0PFxDzv0tuJahJm3BhNNxWkwd2GN84O6EtDR43F+9nzPrkQKQK6 VO/VYYyzIEAlj/OCNsICuua2qA4NuVQ+GjnQK21Y=
To: Phillip Hallam-Baker <phill@hallambaker.com>, Yoav Nir <ynir.ietf@gmail.com>
References: <56F29DE6.50508@cs.tcd.ie> <56F2A2D7.7020402@cs.tcd.ie> <CAMm+Lwgj8Ac+34eAiMJwe2=5NEYw_kHJzcm0NREsbK1uTPisUQ@mail.gmail.com> <8C18E54D-07B5-4DE6-82F1-B00C5204FB36@gmail.com> <CAMm+LwgcTW2NTuAv6KKnVRG5AozxMt3VjhW82WDQLTf=9PdbBQ@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <56F2F9F5.8040404@cs.tcd.ie>
Date: Wed, 23 Mar 2016 20:17:57 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <CAMm+LwgcTW2NTuAv6KKnVRG5AozxMt3VjhW82WDQLTf=9PdbBQ@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms020506010901090504090406"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/FaHFD7jr63HFmVPNHe2otvSzIHk>
Cc: "cfrg@irtf.org" <Cfrg@irtf.org>
Subject: Re: [Cfrg] Fwd: [saag] possible BCP on public review being needed for standards-track crypto
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2016 20:18:21 -0000
Folks, please use saag@ietf.org for discussion of this topic, not cfrg. S On 23/03/16 19:30, Phillip Hallam-Baker wrote: > On Wed, Mar 23, 2016 at 2:38 PM, Yoav Nir <ynir.ietf@gmail.com> wrote: >> >>> On 23 Mar 2016, at 7:23 PM, Phillip Hallam-Baker <phill@hallambaker.com> wrote: >>> >>> On Wed, Mar 23, 2016 at 10:06 AM, Stephen Farrell >>> <stephen.farrell@cs.tcd.ie> wrote: >>>> >>>> FYI. Please send comments to saag@ietf.org. >>>> >>>> If you just want to say "+1" that's as useful here I guess, >>>> but if you think this is a bad idea, please explain why on >>>> the saag list, and of course any detailed comments should >>>> go to the saag list. >>>> >>> >>> I think it a good idea to insist that any crypto that the IETF is >>> apparently endorsing have been subject to public review. >>> >>> I also believe that it should be possible to use arbitrary crypto with >>> IETF protocols. >>> >>> Using IANA assigned code points means it is not possible to satisfy >>> both at once. >> >> I don’t think that it is impossible. Suppose you have a registry for encryption algorithms such as the IKEv2 one ([1]), where identifiers are 16-bit. Currently it is partitioned so that 0-1023 are for assignment by the IETF (we’re up to 28), while 1024-65536 is for private use. It should be fairly easy to alter the partition so that 0-1023 is for the IETF with expert review (like it is today), 1024-2047 specification required (no implication about quality), 2048-4095 FCFS (no implication that you can even implement it), and the rest left for private use (like today). That way the higher ranges are only used to avoid two private experiments colliding. >> >> The downside is what is happening right now with ChaCha20 and TLS. Someone starts using a value either by squatting or by the easy procedure. After that, if the IETF decides to “bless” it, a new identifier would hurt interop with a deployed base. So you end up with a recommended algorithm in the range we reserved for crypto that amateurs invent. >> > > That is why I suggest OIDs. Anyone can cut one. I have an arc. You can > have one too. > > If I am writing a general purpose library, I almost certainly need to > cut an OID to support CMS, PKIX and the like. So supporting use of the > IETF code point or the OID, isn't actually much of an overhead if > anything. > > Right now I have crypto libraries wrapping crypto libraries three deep > because folk can't write decent, consistent APIs and because I need to > support four different IETF naming and numbering schemes. >
- [Cfrg] Fwd: [saag] possible BCP on public review … Stephen Farrell
- Re: [Cfrg] Fwd: [saag] possible BCP on public rev… Phillip Hallam-Baker
- Re: [Cfrg] Fwd: [saag] possible BCP on public rev… Salz, Rich
- Re: [Cfrg] Fwd: [saag] possible BCP on public rev… Yoav Nir
- Re: [Cfrg] Fwd: [saag] possible BCP on public rev… Phillip Hallam-Baker
- Re: [Cfrg] Fwd: [saag] possible BCP on public rev… Stephen Farrell