Re: [CFRG] Adoption Call: Guidelines for Writing Cryptography Specifications

Thom Wiggers <thom@thomwiggers.nl> Tue, 20 June 2023 15:58 UTC


Hi all,

I support adoption of this draft, and have enjoyed reading it. My remarks
kept mostly getting addressed by the next subsection; the following is
extremely nitpicky.

> For example, when describing group operations using multiplicative
> notation, the multiplication symbol * should be used instead of the x
> symbol.

Say, some field uses another notation; e.g. [k]P for scalar multiplication
in elliptic curves. Should authors stick with what is familiar in the
context of their specification, or should they try to be consistent with
the recommendations in this draft?

In section 4, I think it might be worth a mention in the discussion on
security guarantees/considerations that interactions with other protocols
need to be considered, also outside of the immediate intended applications
of the protocol (e.g. CMP needs to be mindful of potential interactions
with certificate transparency).

In catering to implementers, can we recommend reference implementations?
(Reference implementations should be documented with their own threat model
/ security assumptions, especially if they forgo e.g. constant-timeness for
the sake of clarity --- you might be able to write a whole other RFC about
that subject).

On test vectors, I would like to slightly sharpen the recommendation and
say that test vectors should specifically exercise the input validation
logic, to avoid inputs that, if accepted, lead to security failures (e.g.
group identities). It is covered by "logical pathways" but I feel some
additional attention might be nice.

On the whole, it's a nice, well-written document and I hope it is read and
found instructive by many people. Thanks for putting in the effort.

Cheers,

Thom
PQShield

On Fri 2 Jun 2023 at 07:15, Stanislav V. Smyshlyaev <smyshsv@gmail.com>
wrote:

> Dear CFRG participants,
>
> This message is starting a 3-week adoption call on the "Guidelines for
> Writing Cryptography Specifications" draft,
> draft-sullivan-cryptography-specification-00 (
> https://datatracker.ietf.org/doc/draft-sullivan-cryptography-specification/)
> that will end on June 23rd 2023.
>
> Please send your feedback in reply to this email or directly to CFRG
> chairs <cfrg-chairs@ietf.org>.
>
> Best regards,
> Stanislav (for CFRG chairs)
>
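The remark above about test vectors that exercise input validation, shown as an added example that is not part of the original message or the draft: negative vectors for a toy Diffie-Hellman group, run against a correct validator and a flawed one. The parameters, vector names and the functions `validate_public`, `naive_validate` and `failing_vectors` are all constructed for illustration.

```python
# Constructed toy parameters (far too small for real use): safe prime P = 2*Q + 1,
# G generates the subgroup of prime order Q in Z_P^*.
P, Q, G = 23, 11, 2

def validate_public(y: int) -> bool:
    """Accept y only if it is a non-identity element of the order-Q subgroup."""
    if not isinstance(y, int) or not 2 <= y <= P - 2:
        return False          # rejects 0, the identity 1, P-1 (order 2), unreduced values
    return pow(y, Q, P) == 1  # subgroup membership check

def naive_validate(y: int) -> bool:
    """Hypothetical flawed validator: only checks that y is non-zero mod P."""
    return y % P != 0

def shared_secret(private: int, peer_public: int) -> int:
    """Derive the shared value, refusing any peer value that fails validation."""
    if not validate_public(peer_public):
        # With the identity as peer value the result would be 1 for every private key.
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, P)

# Constructed test vectors: (name, peer public value, must_accept)
VECTORS = [
    ("valid: generator",            G,     True),
    ("valid: subgroup element",     18,    True),
    ("invalid: zero",               0,     False),
    ("invalid: identity",           1,     False),
    ("invalid: order-2 element",    P - 1, False),
    ("invalid: equals modulus",     P,     False),
    ("invalid: unreduced identity", P + 1, False),
    ("invalid: outside subgroup",   5,     False),
]

def failing_vectors(validator):
    """Names of vectors on which `validator` disagrees with the expected outcome."""
    return [name for name, y, ok in VECTORS if validator(y) != ok]

if __name__ == "__main__":
    print("correct validator fails:", failing_vectors(validate_public))
    print("naive validator fails:  ", failing_vectors(naive_validate))
```

A vector set containing only the two valid entries would pass both validators; the negative entries are what distinguish them.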