Re: [CFRG] (I don't agree) Re: [Errata Held for Document Update] RFC8032 (5758)

Alexey Melnikov <alexey.melnikov@isode.com> Wed, 16 February 2022 10:55 UTC

To: Rene Struik <rstruik.ext@gmail.com>, RFC Errata System <rfc-editor@rfc-editor.org>, franck.rondepierre@gmail.com, simon@josefsson.org, ilariliusvaara@welho.com
Cc: cfrg@irtf.org, irsg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/K-OhkJLiX_LNk02dQvYMtVSVXHk>

Hi Rene,

On 15/02/2022 20:52, Rene Struik wrote:
> Hi Stanislav:
>
> I do not agree: work products of CFRG should try and avoid the 
> tendency to try and be the ultimate implementation guidance as well 
> (which we should have learned by now).

Your objection is noted.

The errata "Held for Document Update" state is basically for things which 
are not wrong, but were not necessarily considerations when the 
corresponding RFC was published. It doesn't actually mean that the 
proposed change will be incorporated as is, if the RFC is revised. It is 
also not a guaranty that the RFC will be revised at all.

In this case CFRG chairs didn't think that accepting this erratum was 
right, because this was not discussed or intended in the RG at the time 
the document was published. Rejecting it also seemed wrong, as the new 
formula is not wrong. Thus "Held for Document Update".

>
> For CFRG to produce technically sound, well-written documents is hard 
> enough. For it to also be a know-all on how to securely or efficiently 
> implement things is a recipe for trouble (although it should of course 
> not specify things that cannot reasonably be implemented securely).
>
> In this case, while the formulae in RFC 8032 are clumsy, these are 
> correct, and the relative merit of changing these (~1% efficiency 
> gain) is insufficient to warrant time and effort (including effort to 
> find knowledgeable people to review this, explain this to people 
> who were not in the room while changing this, etc.).
>
> As I wrote in my email of Jan 31, 2022, 3.47pm EST:
> In my mind, one of the lessons to be learned here is that it would be 
> highly recommended to stop the recent practice of CFRG to produce 
> drafts that are a curious mix of specification and implementation 
> details (which makes of this academic paper generators in the SCA 
> space and, moreover, monolithic documents that are hard to maintain 
> or, e.g., adapt to an instantiation with another hash function, say 
> SHA-256).
>
> Rene
>
> On 2022-02-15 12:42 a.m., RFC Errata System wrote:
>> The following errata report has been held for document update
>> for RFC8032, "Edwards-Curve Digital Signature Algorithm (EdDSA)".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid5758
>>
>> --------------------------------------
>> Status: Held for Document Update
>> Type: Technical
>>
>> Reported by: Franck Rondepierre <franck.rondepierre@gmail.com>
>> Date Reported: 2019-06-21
>> Held by: Stanislav Smyshlyaev (IRSG)
>>
>> Section: 5.1.
>>
>> Original Text
>> -------------
>>                            (p+3)/8      3        (p-5)/8
>>                   x = (u/v)        = u v  (u v^7)         (mod p)
>>
>> Corrected Text
>> --------------
>>                            (p+3)/8          (p-5)/8
>>                   x = (u/v)        = u (u v)         (mod p)
>>
>> Notes
>> -----
>>   --VERIFIER NOTES--
>> The original text was correct (verified by Nick Sullivan).
>> 01/28/2022: RFC Editor changed status to Reported per discussion with 
>> Stanislav V. Smyshlyaev.
>> 02/15/2022: The status is changed to "Held for Document Update" by 
>> Stanislav Smyshlyaev. The proposed formulas are correct as well (for 
>> the specific case of the EdDSA parameters) and provide a slight 
>> efficiency gain.
>>
>> --------------------------------------
>> RFC8032 (draft-irtf-cfrg-eddsa-08)
>> --------------------------------------
>> Title               : Edwards-Curve Digital Signature Algorithm (EdDSA)
>> Publication Date    : January 2017
>> Author(s)           : S. Josefsson, I. Liusvaara
>> Category            : INFORMATIONAL
>> Source              : Crypto Forum Research Group
>> Area                : N/A
>> Stream              : IRTF
>> Verifying Party     : IRSG
>>
>
>
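Added example, not part of the message above or of RFC 8032: the two candidate-root formulas from erratum 5758 run through the RFC 8032 section 5.1.3 x-recovery steps for Ed25519, to show that both decode every (y, sign) pair to the same x. All function names are hypothetical and the y values swept are constructed test inputs.

```python
P = 2**255 - 19                            # Ed25519 field prime, p = 5 (mod 8)
D = -121665 * pow(121666, P - 2, P) % P    # Ed25519 curve constant d
SQRT_M1 = pow(2, (P - 1) // 4, P)          # a square root of -1 mod p
BASE_Y = 4 * pow(5, P - 2, P) % P          # y coordinate of the base point

def cand_rfc(u, v):
    """RFC 8032 text: u v^3 (u v^7)^((p-5)/8)."""
    return u * pow(v, 3, P) * pow(u * pow(v, 7, P), (P - 5) // 8, P) % P

def cand_erratum(u, v):
    """Erratum 5758 corrected text: u (u v)^((p-5)/8)."""
    return u * pow(u * v, (P - 5) // 8, P) % P

def cand_inverse(u, v):
    """Literal (u/v)^((p+3)/8), paying for a modular inversion of v."""
    return pow(u * pow(v, P - 2, P), (P + 3) // 8, P)

def uv(y):
    """u = y^2 - 1 and v = d y^2 + 1 from section 5.1.3 step 2."""
    return (y * y - 1) % P, (D * y * y + 1) % P

def recover_x(y, sign, cand):
    """Section 5.1.3 steps 2-4; None means decoding fails."""
    u, v = uv(y)
    x = cand(u, v)
    vxx = v * x * x % P
    if vxx != u:
        if vxx != (-u) % P:
            return None                    # u/v is not a square
        x = x * SQRT_M1 % P                # candidate was off by sqrt(-1)
    if x == 0 and sign == 1:
        return None
    return x if x & 1 == sign else P - x   # pick the root with the right parity

def formulas_agree(ys):
    """True if both formulas decode every (y, sign) to the same x."""
    return all(recover_x(y, s, cand_rfc) == recover_x(y, s, cand_erratum)
               for y in ys for s in (0, 1))

def on_curve(x, y):
    """Ed25519 curve equation: -x^2 + y^2 = 1 + d x^2 y^2."""
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0

if __name__ == "__main__":
    print("formulas agree on constructed sweep:", formulas_agree(range(200)))
    print("base point decodes:", on_curve(recover_x(BASE_Y, 0, cand_erratum), BASE_Y))
```

The raw candidates may differ by a fourth root of unity before the check step, so the comparison is made on the decoded x rather than on the candidate itself.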