Re: [Cfrg] erratum for hmac what do we think...

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 03 February 2017 20:41 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9714C1294DD for <cfrg@ietfa.amsl.com>; Fri, 3 Feb 2017 12:41:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.499
X-Spam-Level:
X-Spam-Status: No, score=-7.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8YU9qNPi6s_9 for <cfrg@ietfa.amsl.com>; Fri, 3 Feb 2017 12:41:24 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D55CF129474 for <cfrg@irtf.org>; Fri, 3 Feb 2017 12:41:23 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 78D55BDCC; Fri, 3 Feb 2017 20:41:21 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FFOCnLRdYypR; Fri, 3 Feb 2017 20:41:19 +0000 (GMT)
Received: from [10.87.48.75] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 92669BE50; Fri, 3 Feb 2017 20:41:18 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1486154479; bh=OneTi0f9mWL17yDwXcvBpDCAn2RIRNgPNFKMpRVfNNQ=; h=Subject:To:References:From:Date:In-Reply-To:From; b=nsD0npTbk9iXh9ellGU834UXRb2g53Gjb24HmWwaYuTetHVxsmaoG6Y8gjUzRR+L2 +UD1IOTxWtVxYBZBffn9mIpCr7UKOAW40bYIIm9EX/MW98sLrbxHPPlK3QcK8HboF1 QFw3gUkBaCXiIE2wrjEnoH35DlWZs3Y2xUl9gY7U=
To: Michael StJohns <msj@nthpermutation.com>, cfrg@irtf.org
References: <666efaf7-b660-e20b-8a8a-8949a64e9bed@cs.tcd.ie> <52b3065b-bb20-9b2b-30da-78b09aace9cb@cs.tcd.ie> <f548bd9e-5aa9-9dec-a203-02bc7ef6687f@nthpermutation.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <40ae1271-71ba-2fd2-c539-eadd993c3a7b@cs.tcd.ie>
Date: Fri, 3 Feb 2017 20:41:17 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <f548bd9e-5aa9-9dec-a203-02bc7ef6687f@nthpermutation.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms020208050802090702000203"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/QO4rKgKtdhPWExqnklTMf2mDJiw>
Subject: Re: [Cfrg] erratum for hmac what do we think...
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Feb 2017 20:41:26 -0000


On 03/02/17 19:49, Michael StJohns wrote:
> On 2/3/2017 1:28 PM, Stephen Farrell wrote:
>> Thanks all,
>>
>> My reading of that thread leads me to conclude there there's consensus
>> to not verify the erratum on the basis that the threat isn't that
>> significant and a backwards incompatible change as would be required is
>> not justified. However, if HMAC were to be updated in a manner that
>> didn't require backwards compatibility then one would likely consider
>> this. Hence I've marked this as "hold for document update"
> 
> I'd like to reiterate that RFC 2104 (or substantially similar text) was
> a feeder/submission for the FIPS 198-1 standard.  Its also old enough
> that it doesn't have the boilerplate we've since added that would allow
> for any changes/errata.  In that mode, its similar to the original
> publications of PKCS1, 7 and 12 as informational RFCs and we required a
> grant of rights to be able to gain change control over them.
> 
> Instead of making changes here to a document that's been OBEd by first
> being published as a FIPS  (FIPS 198) and second by an update in 2008
> (FIPS 198-1), let me suggest that comments should be bundled up and
> addressed to that document instead.
> 
> It looks like FIPS 198 is up for review in 2018 and changes might be
> applied then.
> 
> Perhaps I'm wrong about this, but we - the IETF - do not own change
> control over every RFC.

I don't think we need worry about process nits like that tbh. The
distinction between a rejected erratum, a hold-for-document-update
erratum and an erratum that's been posted but ignored for 6 months
isn't really of interest:-)

I would worry a bit about it if we approved an erratum that broke
interop, which we could have done, but didn't do, in this case.

And if/when someone wants to revise hmac then I hope they do talk
with the IETF about that. Most, but not all, RFCs that use that do
support alg agility so there could be done potential breakage to
consider.

S.


> 
> Mike
> 
> 
>>
>> Cheers,
>> S.
>>
>> On 02/02/17 02:24, Stephen Farrell wrote:
>>> Hiya,
>>>
>>> There's an erratum posted for hmac [1] where I'd be
>>> interested in what folks here think.
>>>
>>> I'm unsure if this is a real problem, esp given that
>>> there are I guess a lot of implementations.
>>>
>>> And even if it were a real problem, I'm not sure we'd
>>> want that fix.
>>>
>>> Opinions welcome...
>>>
>>> Thanks,
>>> S.
>>>
>>> [1]
>>> https://www.rfc-editor.org/errata_search.php?rfc=2104&eid=4809&rec_status=15&area_acronym=&errata_type=&wg_acronym=&submitter_name=&stream_name=&submit_date=&presentation=records
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Cfrg mailing list
>>> Cfrg@irtf.org
>>> https://www.irtf.org/mailman/listinfo/cfrg
>>>
>>
>>
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/cfrg
> 
> 
> 
> 
> 
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>