Re: [CFRG] Adoption Call: Guidelines for Writing Cryptography Specifications
Thom Wiggers <thom@thomwiggers.nl> Tue, 20 June 2023 15:58 UTC
Return-Path: <thom@thomwiggers.nl>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48E7AC15106C for <cfrg@ietfa.amsl.com>; Tue, 20 Jun 2023 08:58:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=thomwiggers.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pSYFgHZdA-RW for <cfrg@ietfa.amsl.com>; Tue, 20 Jun 2023 08:57:55 -0700 (PDT)
Received: from mail-oo1-xc33.google.com (mail-oo1-xc33.google.com [IPv6:2607:f8b0:4864:20::c33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0AE1C14CEF9 for <cfrg@ietf.org>; Tue, 20 Jun 2023 08:57:55 -0700 (PDT)
Received: by mail-oo1-xc33.google.com with SMTP id 006d021491bc7-55e40fac2faso1776465eaf.3 for <cfrg@ietf.org>; Tue, 20 Jun 2023 08:57:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thomwiggers.nl; s=google; t=1687276675; x=1689868675; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=WvJQG/cxlByszRpzX8Cz0YaLBBfyTsG2F+MoDoKtnr8=; b=RpF/QW/G5iJv8rq7FjtufStpZ1S1zzTU/H+LyPA6rjao4buXJ+suPKJ6ViJ2IT+rGY NjYQEiff+OCKTWA4w9NKiofowpR0MMfGwX4/Jo+4+w46UpWTUEOjXpzHwvz6UyXHt291 FIerFrhzhELGyH0r1AtcSZyQl4MMbJTREJ4uo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687276675; x=1689868675; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WvJQG/cxlByszRpzX8Cz0YaLBBfyTsG2F+MoDoKtnr8=; b=CJfDdv4aq9kT2qbEI3GEldyzeP+S2sx5iMsWOiX1PfJIfphXowEOzfw6seKVPveGHj daERgQd8rAu0mrQ6cVPKJIPaJHsy0yZaW/xFGSpWlBo1WKsWhl7OuDxpqZS1zGh8G0j7 AI16G1us04wduBBRazx+mrzMX38N0Jg61pe+8/vKTqxg7kHvCINX6QyebwHDqTEjSAO2 FkOW592BoMieJqif06U+7HV9r+HywxeC1VuDbyShzGrIFgKl6nM1uyhC2sjc+fxgn8H8 dAgoSDiBG9v/FraO2DiekmOW7UE0OPJ1e0jpfMBbK/G5EShU4K9S37zFq+jhK8sGrKmB PFFg==
X-Gm-Message-State: AC+VfDwnypTrlV6ZeGKdu8wGlBpKIWcpjMqCwG7io8eYsfV2vDtjvrll IIini2jDjD6KAgbEX7wPYVOU5mx7pfPcYKAZgeo5QQ==
X-Google-Smtp-Source: ACHHUZ45jv49cOptEhCDg8e1QDMOD+VKGRu0Bo7S3nmizXK7LZ5fH7Np90aiZHvbhe3Pnx4DHFaDAxw6uYE0XHVLw5g=
X-Received: by 2002:a05:6808:1188:b0:39c:93ba:cb92 with SMTP id j8-20020a056808118800b0039c93bacb92mr16069900oil.8.1687276675026; Tue, 20 Jun 2023 08:57:55 -0700 (PDT)
MIME-Version: 1.0
References: <CAMr0u6=oLzn1SzzuO5X4aLw2neRf=bqMJpMOB4h3ERTO4Ao-WA@mail.gmail.com>
In-Reply-To: <CAMr0u6=oLzn1SzzuO5X4aLw2neRf=bqMJpMOB4h3ERTO4Ao-WA@mail.gmail.com>
From: Thom Wiggers <thom@thomwiggers.nl>
Date: Tue, 20 Jun 2023 17:57:39 +0200
Message-ID: <CABzBS7nOGDXdLkrKECbBxVorpko7_efFcVZXpA_978xiKLRFBQ@mail.gmail.com>
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Cc: "<cfrg@ietf.org>" <cfrg@ietf.org>, cfrg-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000da69ad05fe91b66b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/HcyXbRVq_bQicXysjO0AZ5xywo0>
Subject: Re: [CFRG] Adoption Call: Guidelines for Writing Cryptography Specifications
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jun 2023 15:58:00 -0000
Hi all, I support adoption of this draft, and have enjoyed reading it. My remarks kept mostly getting addressed by the next subsection; the following is extremely nitpicky. > For example, when describing group operations using multiplicative notation, the multiplication symbol * should be used instead of the x symbol. Say, some field uses another notation; e.g. [k]P for scalar multiplication in elliptic curves. Should authors stick with what is familiar in the context of their specification, or should they try to be consistent with the recommendations in this draft? In section 4, I think it might be worth a mention in the discussion on security guarantees/considerations that interactions with other protocols need to be considered, also outside of the immediate intended applications of the protocol (e.g. CMP needs to be mindful of potential interactions with certificate transparency). In catering to implementers, can we recommend reference implementations? (Reference implementations should be documented with their own threat model / security assumptions, especially if they forgo e.g. constant-timeness for the sake of clarity --- you might be able to write a whole other RFC about that subject). On test vectors, I would like to slightly sharpen the recommendation and say that test vectors should specifically exercise the input validation logic, to avoid inputs that, if accepted,;' lead to security failures (e.g. group identities). It is covered by "logical pathways" but I feel some additional attention might be nice. On the whole, it's a nice, well-written document and I hope it is read and found instructive by many people. Thanks for putting in the effort. Cheers, Thom PQShield Op vr 2 jun 2023 om 07:15 schreef Stanislav V. Smyshlyaev <smyshsv@gmail.com >: > Dear CFRG participants, > > This message is starting 3 weeks adoption call on "Guidelines for Writing > Cryptography Specifications" draft, > draft-sullivan-cryptography-specification-00 ( > https://datatracker.ietf.org/doc/draft-sullivan-cryptography-specification/) > that will end on June 23rd 2023. > > Please send your feedback in reply to this email or directly to CFRG > chairs <cfrg-chairs@ietf.org> <cfrg-chairs@ietf.org>. > > Best regards, > Stanislav (for CFRG chairs) > _______________________________________________ > CFRG mailing list > CFRG@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg >
- [CFRG] Adoption Call: Guidelines for Writing Cryp… Stanislav V. Smyshlyaev
- Re: [CFRG] Adoption Call: Guidelines for Writing … Benjamin Beurdouche
- Re: [CFRG] [EXTERNAL] Adoption Call: Guidelines f… Mike Ounsworth
- Re: [CFRG] [EXT] Re: [EXTERNAL] Adoption Call: Gu… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] Adoption Call: Guidelines for Writing … Russ Housley
- Re: [CFRG] [EXTERNAL] Adoption Call: Guidelines f… Christian Paquin
- Re: [CFRG] Adoption Call: Guidelines for Writing … Salz, Rich
- Re: [CFRG] Adoption Call: Guidelines for Writing … John Mattsson
- Re: [CFRG] Adoption Call: Guidelines for Writing … Riad S. Wahby
- Re: [CFRG] Adoption Call: Guidelines for Writing … David McGrew (mcgrew)
- Re: [CFRG] [EXTERNAL] Adoption Call: Guidelines f… Tim Hollebeek
- Re: [CFRG] [EXTERNAL] Adoption Call: Guidelines f… Kris Kwiatkowski
- Re: [CFRG] Adoption Call: Guidelines for Writing … Florence D
- Re: [CFRG] Adoption Call: Guidelines for Writing … Christopher Patton
- Re: [CFRG] Adoption Call: Guidelines for Writing … Deirdre Connolly
- Re: [CFRG] Adoption Call: Guidelines for Writing … Kai Mindermann
- Re: [CFRG] Adoption Call: Guidelines for Writing … Thom Wiggers
- Re: [CFRG] [EXT] Re: Adoption Call: Guidelines fo… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] [EXT] Re: Adoption Call: Guidelines fo… Thom Wiggers
- Re: [CFRG] Adoption Call: Guidelines for Writing … Jonathan Hammell
- Re: [CFRG] Adoption Call: Guidelines for Writing … Hubert Kario
- Re: [CFRG] Adoption Call: Guidelines for Writing … Stanislav V. Smyshlyaev