Re: [Cfrg] Call for adoption draft-mattsson-cfrg-det-sigs-with-noise

"Riad S. Wahby" <rsw@jfet.org> Wed, 13 May 2020 17:45 UTC

Date: Wed, 13 May 2020 10:45:14 -0700
From: "Riad S. Wahby" <rsw@jfet.org>
To: Rene Struik <rstruik.ext@gmail.com>
Cc: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>, CFRG <cfrg@irtf.org>, cfrg-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/LpvC4FUHV_o5klxxkY_vBVetkZ0>

Rene Struik <rstruik.ext@gmail.com> wrote:
> I would suggest another approach than John Mattsson's, though, which is more fundamental and
> avoids hard-coding a specific mandated way of generating an ephemeral private key altogether (after
> all, random number generators can be implemented in more than one way).

Said perhaps too glibly (apologies): random number generators can
be implemented in more than one way, and most of those ways are
bad. We've been running the "everyone do your own RNGs" experiment
for a few decades now and it seems like it's still failing.

CFRG should thoroughly vet an approach and mandate it. Folks who
really really want to do something else can still do so in a way
that preserves interoperability.

I'm in favor of adopting the draft, but concur with those calling
for a name change.

Just my 2μ¢,

-=rsw