Re: [Cfrg] RFC 5742 conflict review for draft-dolmatov-kuznyechik

Simon Josefsson <simon@josefsson.org> Wed, 03 February 2016 10:23 UTC

From: Simon Josefsson <simon@josefsson.org>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
References: <4A631584-C0F1-4AFC-A51D-155C34415413@isode.com> <D2D64C5B.61B8F%kenny.paterson@rhul.ac.uk> <CADqLbz+b-YQ10d6d5_GHN+r7ETWobQgq+skPyXQSdUGG1dBDqQ@mail.gmail.com> <CACsn0c=ErkJLja7QUbA06V7vH-KPR_MpTcPhPyrKfyV02bxq-w@mail.gmail.com> <D2D65F65.266E2%uri@ll.mit.edu> <87a8nix2od.fsf@latte.josefsson.org> <D2D68F83.26762%uri@ll.mit.edu>
Date: Wed, 03 Feb 2016 11:23:00 +0100
In-Reply-To: <D2D68F83.26762%uri@ll.mit.edu> (Uri Blumenthal's message of "Tue, 2 Feb 2016 21:59:32 +0000")
Message-ID: <871t8uw0sb.fsf@latte.josefsson.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/JKJM_IsVUgiMEh4lAFmWbtmzNAM>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] RFC 5742 conflict review for draft-dolmatov-kuznyechik

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> writes:

>>>Likewise, I’d expect an informational RFC describing Kalyna (Ukrainian
>>> contest winner), which looks somewhat more appealing.
>>
>>I see a problem with publishing descriptions of national ciphers without
>>guidance on suitable use and relevant applicability statements.
>
> The only guidance I see is: if you need "it" or are required to use "it" -
> do so, but be aware that people outside of your policy domain may not
> interoperate with you using “it” because they may not have “it”
> implemented. Implementing “it” is not required to be <whatever
> protocol>-compliant.

Where do you see this guidance?  I can't find anything like that in the
draft.  In fact the draft talks about itself as a Standard in several
places:

   The cryptographic algorithms specified in this Standard are designed
   both for hardware and software implementation.  They comply with
   modern cryptographic requirements, and put no restrictions on the
   confidentiality level of the protected information.

   The Standard applies to developing, operation, and modernization of
   the information systems of various purposes.

To me this suggests broad applicability.

I would expect to find a discussion on applicability in the Introduction
or in the Security Considerations.  For those who didn't read it, the
Security Considerations section is:

   6.  Security Considerations

   This entire document is about security considerations.

Which leaves a lot to be desired.

> Do you envision some other kind of guidance?

Yes, see the last paragraph of:
https://www.ietf.org/mail-archive/web/cfrg/current/msg07876.html

/Simon