Re: [Cfrg] Introduction, and some concerns regarding draft-irtf-cfrg-argon2

Gwynne Raskind <gwynne@darkrainfall.org> Wed, 29 July 2020 06:08 UTC

Hi again!

Apologies for the long delay in replying; I've been very busy of late. I have indeed had a chance to look the new version over, though - it's a tremendous improvement! I have no remaining major concerns with the latest version. Thanks for addressing my comments so completely!

-- Gwynne Raskind

> On Jul 26, 2020, at 09:18, Colin Perkins <csp@csperkins.org> wrote:
> 
> Hi Gwynne,
> 
> Could I please check if you had chance to review the most recent version of this draft (https://datatracker.ietf.org/doc/draft-irtf-cfrg-argon2/) to see whether the changes address your concerns?
> 
> Thanks,
> Colin
> 
> 
>> On 9 Jul 2020, at 17:06, Dmitry Khovratovich <khovratovich@gmail.com> wrote:
>> 
>> Hi Gwynne, 
>> 
>> Thanks a lot for so many details! I have tried to incorporate everything into the last version.
>> 
>> On Wed, Apr 29, 2020 at 4:05 AM Gwynne Raskind <gwynne@darkrainfall.org> wrote:
>> Apologies for the noise, but I just discovered a couple of errors in my notes (as was certain to happen the moment I sent them, no doubt :) ). Rather than send another attachment to the list and most likely end up having to replace that as well, I've posted the revised content as a Gist, found here: <https://gist.github.com/gwynne/d596cb9712849cdc033084b2eebaf680>. From now on this link will always provide the most up to date revision of the document.
>> 
>> -- Gwynne Raskind
>> 
>>> On Apr 28, 2020, at 19:53, Gwynne Raskind <gwynne@darkrainfall.org> wrote:
>>> 
>>> Thanks to everyone for their encouragement! I've attached my edited set of notes in Markdown format (I can provide it in alternative form if desired). I have tried to restrain this initial set of notes mostly to the most critical issues, as I've been known to end up simply rewriting entire documents if I don't keep myself in check (and frankly this draft has tempted me greatly in that regard) ^^; Please don't hesitate to ask any questions if there's anything that needs clarifying. I hope you find these notes helpful!
>>> 
>>> (P.S.: If the mailing list strips attachments, as I know many do, I welcome suggestions as to the best alternative for making the document available - my first instinct would be to post it as a GitHub Gist and send its link to the list instead.)
>>> 
>>> <draft-argon2-deconstruction.md>
>>> 
>>> -- Gwynne Raskind
>>> 
>>>> On Apr 27, 2020, at 17:32, Colin Perkins <csp@csperkins.org> wrote:
>>>> 
>>>> I agree – this draft is close to publication as an RFC, so if there are corrections and/or clarifications needed, then it would be useful to get feedback so they can be incorporated before publication.
>>>> 
>>>> Colin
>>>> 
>>>> 
>>>> 
>>>>> On 27 Apr 2020, at 18:45, Scott Fluhrer (sfluhrer) <sfluhrer=40cisco.com@dmarc.ietf.org> wrote:
>>>>> 
>>>>> I haven’t seen any public responses, and so, while I’m not an editor of this particular draft, I’d like to reply to your concerns.
>>>>>  
>>>>> We would love to hear your critiques, both about minor errors such as typos, in addition to more major problems, such as ambiguities in the specification.
>>>>>  
>>>>> One major reason these drafts are published is to get them correct; by helping us make the draft better, you are helping us a great deal.
>>>>>  
>>>>> And, there aren’t any secret handshakes to work on this mailing list; we welcome everyone. And you are certainly not out of line.
>>>>>  
>>>>> I look forward to hearing your corrections and your suggestions.  Thank you.
>>>>>  
>>>>> From: Cfrg <cfrg-bounces@irtf.org> On Behalf Of Gwynne Raskind
>>>>> Sent: Sunday, April 26, 2020 9:40 AM
>>>>> To: cfrg@irtf.org
>>>>> Subject: [Cfrg] Introduction, and some concerns regarding draft-irtf-cfrg-argon2
>>>>>  
>>>>> Hello!
>>>>>  
>>>>> My name is Gwynne Raskind; I'm a software engineer with a fairly wide range of technical experience and interests. I'm new to this mailing list, and to the IRTF in general - a colleague suggested that I subscribe to this working group's community to bring up an issue of concern to me with regards to the currently published draft of the specification of the Argon2 key derivation function (formally draft-irtf-cfrg-argon2-10).
>>>>>  
>>>>> In the course of both my work and general interest, I had occasion to investigate this algorithm and to attempt to build an implementation natively in the Swift language. Unfortunately, I found the draft in its present form to be less helpful than I had hoped. After a considerable amount of time spent studying the C reference implementation and comparing it with the specification, I was able to derive a nearly complete and partially functional implementation of my own. It was a fascinating learning experience, but I also noted a significant number of typographical errors, incomplete descriptions, missing elements, and other problems in the spec itself.
>>>>>  
>>>>> As I have an active interest in the cryptography space, as well as plenty of experience as both a technical writer and as a systems engineer, I took it upon myself to write up a somewhat exhaustive list of the various issues I encountered in the spec, ranging from technical analysis to grammatical concerns: I would be very pleased to contribute it (along with some accompanying suggestions of potential corrections) if it would be welcomed. I apologize if I'm in any way out of line; I couldn't find any kind of guidelines for how to approach this sort of problem, short of doing exactly this, so here I am.
>>>>>  
>>>>> Thanks for reading through this, and I hope to get the chance to help out!
>>>>>  
>>>>>  
>>>>> -- Gwynne Raskind
>>>>> _______________________________________________
>>>>> Cfrg mailing list
>>>>> Cfrg@irtf.org
>>>>> https://www.irtf.org/mailman/listinfo/cfrg
>>>> 
>>>> 
>>>> -- 
>>>> Colin Perkins
>>>> https://csperkins.org/
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>> 
>> 
>> 
>> -- 
>> Best regards,
>> Dmitry Khovratovich
> 
> 
> -- 
> Colin Perkins
> https://csperkins.org/
> 
> 
> 
>