Re: [Cfrg] RFC 5742 conflict review for draft-dolmatov-kuznyechik

Simon Josefsson <simon@josefsson.org> Mon, 01 February 2016 14:46 UTC


"Salz, Rich" <rsalz@akamai.com> writes:

>> I believe that publishing the document below would conflict with ongoing
>> work in the IETF to provide secure block ciphers that we can use on the
>> Internet.  It is not in the best interest of the IETF nor the Internet at large to
>> publish RFCs of national ciphers if there is no immediate desire to use them
>> in Internet protocols.
>
> As someone who's written more "let's document this so we can use it in
> the IETF" RFC's than anyone else, let me ask you a question.  Is it
> better to have it already written, available to use if needed, or
> better to scramble and get something written just as the need arises?

I believe you have to make a risk assessment.

In this case, I believe the risk that people implement and use this
without understanding the consequences is far, far greater than the minor
advantage that there is an RFC available for citation in case a need
arises.

Remember that the text IS already written.  It is ready as a draft if we
ever decide that GOST is the cipher we want to run on the Internet.

Also consider that AES isn't an RFC: the disadvantage of that does not
seem to be stopping us from using it.

To me, publishing this is distracting and steals momentum from other
work the IETF is doing.

/Simon