Re: [Cfrg] draft-irtf-cfrg-dragonfly document status
Watson Ladd <watsonbladd@gmail.com> Thu, 09 October 2014 19:45 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4F1A1A0352 for <cfrg@ietfa.amsl.com>; Thu, 9 Oct 2014 12:45:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G0d3kTvbzEiR for <cfrg@ietfa.amsl.com>; Thu, 9 Oct 2014 12:45:56 -0700 (PDT)
Received: from mail-yk0-x231.google.com (mail-yk0-x231.google.com [IPv6:2607:f8b0:4002:c07::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF4801A030F for <cfrg@irtf.org>; Thu, 9 Oct 2014 12:45:55 -0700 (PDT)
Received: by mail-yk0-f177.google.com with SMTP id q200so1004244ykb.22 for <cfrg@irtf.org>; Thu, 09 Oct 2014 12:45:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=fKmSBkPIS4kjaO2P+1gKCCWGT4mSnz7/ZatUfFbve/Q=; b=adU62aNqCcokJC0dxkOK9rSnUNdNdqi/1sK7gMFWR/iur+PEKlZIhtmxA/CcNkK3Nw UGcP91E+lK/4d90SeC4M4awrr0ZE2jzaBxHGMUlnyYiaAGOCy9bPT48yJekjvTC+Asnw zYlOpEervEeBfNFxk3DcTTEEx6K7AAsQHYhBGtsh2ta4AZJV5opbF7HibKjKE8ijbCKw ZzNUufuo04sQ8kG31bsbaQ4qfz8lBL4WN7qRH+eUynHxFkoRmDheTomAgHA+z9+ekXxa 6SKDFR0ONeZ5vyZMJl7xH6FhARABPuY7VQNdIm4tNiEneIi7+GQIBH4XuhLIsOOKdqeR t+gQ==
MIME-Version: 1.0
X-Received: by 10.236.228.161 with SMTP id f31mr566318yhq.44.1412883955170; Thu, 09 Oct 2014 12:45:55 -0700 (PDT)
Received: by 10.170.195.149 with HTTP; Thu, 9 Oct 2014 12:45:55 -0700 (PDT)
Received: by 10.170.195.149 with HTTP; Thu, 9 Oct 2014 12:45:55 -0700 (PDT)
In-Reply-To: <5436C882.7050700@isode.com>
References: <54357A2A.2010800@isode.com> <CACsn0c=222g7HHpPh++noS3H1jEhawtQAdeA1WbPObN3wZr6jQ@mail.gmail.com> <5436C882.7050700@isode.com>
Date: Thu, 09 Oct 2014 12:45:55 -0700
Message-ID: <CACsn0cmYsbH1Xir2GVrVjbx1tvXGLffxRDs7Su=RCtWgKvyUpA@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Content-Type: multipart/alternative; boundary="001a1133352641c2a1050502aebc"
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/O0DA5-xUaZn3KGCyojJN7jmw7SQ
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] draft-irtf-cfrg-dragonfly document status
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Oct 2014 19:45:59 -0000
On Oct 9, 2014 10:40 AM, "Alexey Melnikov" <alexey.melnikov@isode.com> wrote: > > Hi, > > > On 08/10/2014 19:09, Watson Ladd wrote: >> >> On Oct 8, 2014 10:53 AM, "Alexey Melnikov" <alexey.melnikov@isode.com> wrote: >> > >> > Hi, >> > My apologies for taking so long on this. But I felt I needed to review mailing list discussions to make up my own mind on this topic. >> > >> > After reviewing mailing list discussions about this draft, I would like to do another RGLC on it. I've seen negative comments on the mailing list, but I've also seen some interest in this work and I am also aware that some variants of the algorithm are already implemented/deployed. Also, there were a couple of new revisions of the draft and it is not clear whether people who reported original problems are happy with how they got resolved. So I would like to see a bit more positive feedback on the latest version, in particular I would like to know if specific issues raised by earlier reviews are addressed in the latest version. >> >> My comment (there is no security proof, and alternatives with better provable security) has been acknowledged to be unresolveable. The draft authors knew this from the very beginning. > > Ok, your opinion was heard. > >> I don't think we should approve a protocol that doesn't have a security proof, particularly given that we are going to work on alternatives. > > Chairs can't promise that the RG will ever converge on requirements. We can try, but there is no guaranty that anything will come out of this later effort. > >> There is plenty of terrible crypto in IEEE standards we don't issue drafts for because it is so terrible. To the extent our publication leads to use of dragonfly as opposed to known - good protocols, it's a problem. >> >> > >> > Considering how difficult previous Last Call on the document was, I would like to ask people to: >> > 1) keep in mind that CFRG chairs believe that the RG should work on PAKE requirements and after that on other PAKE proposals. This was suggested by our previous co-chair David McGrew: >> > http://www.ietf.org/mail-archive/web/cfrg/current/msg03723.html >> >> Why doesn't this apply to dragonfly, but only other proposals? > > > Because Dragonfly got there first. I don't think it is reasonable to delay the document which is effectively done and not known to be broken. And this doesn't apply to Curve 25519 because? Regardless of the eventual decision on either one, it's surprising we consider alternatives for one but not the other. It's clear dragonfly will be published from what you are saying. But what I can't figure out is why. > > >> > 2) be professional, in particular no ad hominem attacks >> >> > 3) be constructive. In particular if you would like a disclaimer being added to the document, please suggest specific text. >> > 4) simple statements of support for publishing the document or objection to publishing it are fine and encouraged. Sending them directly to RG chairs is fine. But please avoid saying "but what about PAKEXXX?", due to 1). >> > 5) unlike IETF, IRTF RGs are not required to reach rough consensus. However I would like to see us try. >> > >> > Best Regards, >> > Alexey, >> > on behalf of chairs. > >
- [Cfrg] draft-irtf-cfrg-dragonfly document status Alexey Melnikov
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Watson Ladd
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Paul Lambert
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Watson Ladd
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Paul Lambert
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Dan Harkins
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Watson Ladd
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Peter Gutmann
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Dan Harkins
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Schmidt
- [Cfrg] PAKEs in general (was; Re: draft-irtf-cfrg… Stephen Farrell
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Watson Ladd
- Re: [Cfrg] PAKEs in general (was; Re: draft-irtf-… Paul Lambert
- Re: [Cfrg] PAKEs in general (was; Re: draft-irtf-… Andy Lutomirski
- Re: [Cfrg] PAKEs in general (was; Re: draft-irtf-… Mike Hamburg
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Alexey Melnikov
- [Cfrg] JPAKE and a few other things (was Re: draf… Alexey Melnikov
- [Cfrg] Writing proposals as drafts first (was Re:… Alexey Melnikov
- [Cfrg] PAKE requirements Alexey Melnikov
- Re: [Cfrg] draft-irtf-cfrg-dragonfly document sta… Watson Ladd
- Re: [Cfrg] PAKEs in general (was; Re: draft-irtf-… Yoav Nir
- Re: [Cfrg] PAKEs in general (was; Re: draft-irtf-… Dan Harkins