[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts

Eric Rescorla <ekr@rtfm.com> Sat, 01 February 2025 22:46 UTC

References: <CABcZeBPhr4gENxWkoKKwqdu_dW3=7GRyKjpG0sf10CSHOXGwhg@mail.gmail.com> <20250201214855.1681593.qmail@cr.yp.to>
In-Reply-To: <20250201214855.1681593.qmail@cr.yp.to>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 01 Feb 2025 14:45:54 -0800
Message-ID: <CABcZeBMrcKEqRNHsf9nMEUcD4JGYmzajxPiMbP1D3i9OHQ9Y0Q@mail.gmail.com>
To: cfrg@irtf.org
Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/HNFep03QVTHP8eq8-3hVEn1KLLA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>

On Sat, Feb 1, 2025 at 1:49 PM D. J. Bernstein <djb@cr.yp.to> wrote:

> Eric Rescorla writes:
> > Simon Josefsson [...] wrote:
> > > Defering authority on crypto primitives to NIST is implied by many
> > > suggestions made IETF-wide right now.
> > i haven't seen anyone suggest that CFRG should not publish its own
> > specifications regardless of what NIST does.
>
> Some quotes in 2024 from IETF security-area directors:
>
>     * "CFRG does not analyse or evaluate cryptography itself"
>       (https://datatracker.ietf.org/meeting/120/materials/slides-120-saag-cryptography-at-the-ietf)
>

This statement just seems factually wrong as written, as AFAICT the
CFRG does in fact do some analysis prior to publication (though as noted
separately, it relies on existing analysis to a great extent). Perhaps what
it is trying to say is that the CFRG relies on the research community for
much of its analysis? In any case, I don't think it's relevant to the
question of whether CFRG should publish its own specifications.


>     * "SEC AD Proposal: Limit publication of crypto RFCs"
>       (https://datatracker.ietf.org/meeting/120/materials/slides-120-saag-cryptography-at-the-ietf)
>
>     * "the cryptographic research communities are focusing on NIST
>       candidates"
>       (https://mailarchive.ietf.org/arch/msg/saag/9e1QheO1L6SVBX3a8mFSij9AgHw/)
>
>     * "Should the IETF really recommend a dropped candidate at this
>       stage? I do not think so"
>       (https://mailarchive.ietf.org/arch/msg/saag/9e1QheO1L6SVBX3a8mFSij9AgHw/)
>
> The details of the "limit publication" proposal weren't clearly stated,
> but included an "outside the IETF" criterion that sounded like it would
> eliminate IETF (in the broad sense, including IRTF) as an independent
> source of cryptographic standards---presumably rubber-stamping NIST's
> decisions instead, as one sees in the last link.
>

Well, I'll let Paul speak for himself, but I don't think any of these
amounts to a general statement that CFRG shouldn't publish its own
algorithm specifications. Given that the IRTF has published quite a few
such documents (FROST, ristretto, VOPRF, RSA blind signatures, ...)
during Paul's tenure without IESG objection, I don't think this is the
best reading of the above links.

-Ekr