Re: [Cfrg] [irsg] IRSG review request: draft-irtf-cfrg-randomness-improvements-11

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Tue, 05 May 2020 11:46 UTC

Return-Path: <smyshsv@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CEB73A1646; Tue, 5 May 2020 04:46:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lCJ74ZMlgfIt; Tue, 5 May 2020 04:46:51 -0700 (PDT)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 755CE3A1644; Tue, 5 May 2020 04:46:48 -0700 (PDT)
Received: by mail-lj1-x22c.google.com with SMTP id a21so1253739ljb.9; Tue, 05 May 2020 04:46:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+dQw3cJU5lq64CR3Q3BcIB/W/VZcUhl30Gk54w+FSIk=; b=WC/VfLYXWLcK4KKsMwbfUkxn/OGxg+9ChZbg1d5NmjoKe+dKcO+NPNAv/h41vSjfIc Qgi47yYrLb1IvNo5nZPKEixuCLdkLHlMBE58eVTGwnK0PZ5gI7xGewbPGg/aT76DBdRl IKnITLua/Wsk4dWcikHuJ4SgnHGgEACHm7jkpOmhchhrWj22RnCyOjOxZwe3Sej6FOPg vhf2Z7pRif5v1uSbltRgLbvBDffdTODbwd+xDHzct+tbMqKSi7b3gC9zY/dn/9r3yVoh eNcWNs5Wlu1jo/0c+DfyVFa9zGnauoFr02db5pp5xqPE+VxLyem83T4O0k58ONgJ5OxQ /oKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+dQw3cJU5lq64CR3Q3BcIB/W/VZcUhl30Gk54w+FSIk=; b=cJjip87TwZa8dqCwiz/0c+xA5Eyf9KyBwuEvTIf6nfZ1M2E6KbKgbaEEpnFV+vsUHP M0W1ZZ6Wh3PmPXeltj3bGIQ3pMYYmrP8AOn4sXO7hOlZQcXfQlRVNfmdQdP8IFxlz2kb ZHJpQ9AMp+wv5mABqK9GTe7q5Q3G8vie7NCJRuuecjMyADyF3gEKkim2wUd5XRXgZyks qGX9DAvmGsggzSwoTFKdOnfApGy8Jo7h/4hS4nM0BvZyeSGDd3gjMW+BrmBrkCRHzLMQ lF4qL6u3l11rNJKe95MClx0OjcPU8JjBd37v79wEyvni97JlVQcwF5/OUxfcu2zC+Zw6 v17A==
X-Gm-Message-State: AGi0PubBKRuY8xXOmzYWcdeUm97npgAJ9l9Sg8UmMptSrYdQX3Lk0gt1 Xy3kY/bKsn6VFgkh6FdmBJcdL7pSx79ujvROFKoIoy70TUA=
X-Google-Smtp-Source: APiQypLFbNk+dzutvxIYjoX5HuG981xMU/zTZAM/YldPHlTHYKYT23K7n0dWZ0GfUhQVMDg0XujstMGSSSbM7jho21E=
X-Received: by 2002:a2e:9990:: with SMTP id w16mr1580101lji.194.1588679206517; Tue, 05 May 2020 04:46:46 -0700 (PDT)
MIME-Version: 1.0
References: <4B969EA9-C230-4CC6-A20B-B5F7552716AA@csperkins.org> <CAGVFjMKOSEVZu_R0ZpaCZvpW6wJwfPz=5yVmFvkSXbGr6bF-kQ@mail.gmail.com> <51036D5B-DCAF-4496-B8FD-7E36231AE704@csperkins.org> <CAPjWiCSWd+TJ5zS327nBaiaZXxkv7PWQ4yScjAXFL1ZZ8Lfy2g@mail.gmail.com> <0BCD81DE-3F28-4C33-B704-5FC754C7B5C3@csperkins.org>
In-Reply-To: <0BCD81DE-3F28-4C33-B704-5FC754C7B5C3@csperkins.org>
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Tue, 5 May 2020 14:44:43 +0300
Message-ID: <CAMr0u6nZyTNij36LBL4eVrkDmCuG6vEA1nVwPdKu0XOx5yFHrw@mail.gmail.com>
To: Colin Perkins <csp@csperkins.org>
Cc: draft-irtf-cfrg-randomness-improvements@ietf.org, cfrg@ietf.org, Internet Research Steering Group <irsg@irtf.org>
Content-Type: multipart/alternative; boundary="000000000000c440ed05a4e53302"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/M4fk2c2AG1fLmyhlr7L-xD_KAZ4>
Subject: Re: [Cfrg] [irsg] IRSG review request: draft-irtf-cfrg-randomness-improvements-11
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 May 2020 11:46:53 -0000

Dear Colin,

Many thanks for the update!
We'll have a short discussion of the comments with Chris, Cas, Luke and
Nick and update the draft based on the comments. Many thanks for the
comments, Marie-Jose and Mallory!

Colin, one more question. You've added a comment for the draft at the
datatracker: "Revision needed to clarify what is mandatory to implement,
and to address review from Gwynne Raskind." - shouldn't this be
about draft-irtf-cfrg-argon2 (not
about draft-irtf-cfrg-randomness-improvements)?..

Best regards,
Stanislav

On Tue, 5 May 2020 at 01:24, Colin Perkins <csp@csperkins.org> wrote:

> Thank you!
>
> Authors: would it be possible to spin a quick revision of the draft to
> address the nits in these reviews?
>
> Colin
>
>
>
> On 4 May 2020, at 23:15, Marie-Jose Montpetit <marie@mjmontpetit.com>
> wrote:
>
> Hello lists:
>
> My review of draft-irtf-cfrg-randomness-improvements-11
>
> Overall:
> The draft is well written and the solution very understandable. The
> comparison to the existing RFC is 6979 is a very good idea. While the
> application to TLS was most likely the reason the draft was written I am
> aware of issues with PRGs elsewhere notably the FRECFRAME RLC that was
> delayed due to PRG issues. This does not require to be addressed in the
> draft but shows that PRG bugs that impact randomness do need to be taken
> into account.
>
> In the NITs category I found the following missing acronyms definitions:
> DBRG
> EC
> HKDF
> HMAC
> HSM
> TLS
>
> mjm
>
>
> Marie-José Montpetit, Ph.D.
> marie@mjmontpetit.com
>
>
>
> On May 4, 2020 at 6:10:47 PM, Colin Perkins (csp@csperkins.org) wrote:
>
> Thanks, Mallory!
> Colin
>
>
>
> On 28 Apr 2020, at 19:21, Mallory Knodel <mknodel@cdt.org> wrote:
>
> HI all,
>
> I did an IRSG review for this document. I think that the editorial quality
> is high; this is not a deep technical review. As I read and noted
> questions, they were all answered later within the text and with clarity.
>
> For the last two citations there exist URLs even if the documents being
> cited aren't openly published. I recommend linking to these pages anyway
> for verification purposes.
>
> Thanks,
> -Mallory
>
> On Mon, Apr 20, 2020 at 6:44 PM Colin Perkins <csp@csperkins.org> wrote:
>
>> IRSG members,
>>
>> The Crypto Forum Research Group has requested that
>> draft-irtf-cfrg-randomness-improvements-11
>> <https://datatracker.ietf.org/doc/draft-irtf-cfrg-randomness-improvements/> be
>> considered for publication as an IRTF RFC. To progress this draft,
>> we now need *at least one* IRSG member to volunteer to provide a
>> detailed review of the draft, as follows:
>>
>> The purpose of the IRSG review is to ensure consistent editorial and
>> technical quality for IRTF publications. IRSG review is not a deep
>> technical review. (This should take place within the RG.) At least one IRSG
>> member other than the chair of the RG bringing the work forth must review
>> the document and the RG’s editorial process.
>>
>> IRSG reviewers should look for clear, cogent, and consistent writing. An
>> important aspect of the review is to gain a critical reading from reviewers
>> who are not subject matter experts and, in the process, assure the document
>> will be accessible to those beyond the authoring research group. Also,
>> reviewers should assess whether sufficient editorial and technical review
>> has been conducted and the requirements of this process document, such as
>> those described in IRTF-RFCs have been met. Finally, reviewers should check
>> that appropriate citations to related research literature have been made.
>>
>> Reviews should be written to be public. Review comments should be sent to
>> the IRSG and RG mailing lists and entered into the tracker. All IRSG review
>> comments must be addressed. However, the RG need not accept every comment.
>> It is the responsibility of the shepherd to understand the comments and
>> ensure that the RG considers them including adequate dialog between the
>> reviewer and the author and/or RG. Reviews and their resolution should be
>> entered into the tracker by the document shepherd.
>>
>> The IRSG review often results in the document being revised. Once the
>> reviewer(s), authors, and shepherd have converged on review comments, the
>> shepherd starts the IRSG Poll on whether the document should be published.
>>
>>
>> Please respond to this message if you’re able to perform such a review,
>> and indicate the approximate time-frame by which you’ll be able to complete
>> it. The document shepherd write-up is available at
>> https://datatracker.ietf.org/doc/draft-irtf-cfrg-randomness-improvements/shepherdwriteup/
>>
>> Thanks!
>> Colin (as IRTF chair)
>>
>>
>> --
>> Colin Perkins
>> https://csperkins.org/
>>
>>
>>
>>
>>
>
> --
> Mallory Knodel
> CTO, Center for Democracy and Technology
> gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780
>
>
>
>