Re: [Cfrg] Fwd: Rev RFC 7539?

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Thu, 19 January 2017 10:50 UTC

Return-Path: <smyshsv@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D655B12947B for <cfrg@ietfa.amsl.com>; Thu, 19 Jan 2017 02:50:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RTEJI4hurmW6 for <cfrg@ietfa.amsl.com>; Thu, 19 Jan 2017 02:50:19 -0800 (PST)
Received: from mail-qt0-x22f.google.com (mail-qt0-x22f.google.com [IPv6:2607:f8b0:400d:c0d::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8ABE312943A for <cfrg@irtf.org>; Thu, 19 Jan 2017 02:50:19 -0800 (PST)
Received: by mail-qt0-x22f.google.com with SMTP id k15so61696430qtg.3 for <cfrg@irtf.org>; Thu, 19 Jan 2017 02:50:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=2ihq6XfL9TtrNvEVbBkhJXgX17+jOot5HBt07TW06yI=; b=h9s1jFKTgMYBj94VfZsODXPt+dHZfvdymwgMyD+UJSxY7+q/Fv2AfJXm6WQaF84J8b YdtCHaRMzkJyLhdhIomH3OmjA80b2MydOW0wteNdXOf0dpTJWQDWdRZTTzeqzvErMmsY 3WFxlqGlgFFZtxYeody1jAEw2uiG6ZgKLl8fpnvHVGA5jKmhFKgxDfV7Qh0lIthC1DRC GRnOLQDp+zvzAorSfRWm9BcyJUX3bMHZNamMCJ3APWsQNVTqrb5GhtWxZhFTziY5ou/e sqk53+gUEsG0GbaZx7+zHOi1wZ69nBABib+D+WtdAZ8AvT/feqIPDVOddBcclcmP4jJz 6/wQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=2ihq6XfL9TtrNvEVbBkhJXgX17+jOot5HBt07TW06yI=; b=JW+XiD89jQJhKB0cU7mNDfvc6xFKoJfiQnc98hGi/Z/ckxjUdDfpz2r4HKhJjflH26 VuiZKNZrepCx7ebUR5hI6CkxyupV4vuljV6m2RfhsPcxfLqiKq07l0AiiZ5bTAb/lbWp erN42eDpzpSmi06TJs1S+xoghrRTgN9Gs/uQYphLikBf4ICD+laWVD5zj40WXDVjQcud ApF4uBBov4geqD/tnTjoCxnkmlJ5y4ThNhOvrVArigv3Ak4CrdCUPCmfxqUjswYz3xfA SbNGYhMLKs65IYKHWqxLFCzL8GMSZ120AoPFWUMKdrG621Td2If3q/a3dkh09g/q1vGH 31vw==
X-Gm-Message-State: AIkVDXJeeekMCtcgub+wgxruG84MKHhtegmahEa8rod8Div1eNA1BbzTer1EwmxcUmMU3wMwpQ1/B2n+UF1LlQ==
X-Received: by 10.200.37.183 with SMTP id e52mr7488152qte.166.1484823018293; Thu, 19 Jan 2017 02:50:18 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.132.102 with HTTP; Thu, 19 Jan 2017 02:50:17 -0800 (PST)
In-Reply-To: <78E7520D-B2AA-4C0F-8581-52D6E7637674@vigilsec.com>
References: <46ECD4D0-07BB-4082-82AC-4B2AE656AE09@gmail.com> <A57288FC-C629-472F-8394-DB58C45EEC25@gmail.com> <D4A3AE19.7E167%kenny.paterson@rhul.ac.uk> <78E7520D-B2AA-4C0F-8581-52D6E7637674@vigilsec.com>
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Thu, 19 Jan 2017 13:50:17 +0300
Message-ID: <CAMr0u6m4NGKSDFASYFaR0xA2eAWTVEyr_1YT=cbEBDS=Eas9YQ@mail.gmail.com>
To: IRTF CFRG <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary=001a1141fcbc8f4e490546704c35
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Ur1JoCPK9Z-9bcs_8tqBL770Bhs>
Subject: Re: [Cfrg] Fwd: Rev RFC 7539?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jan 2017 10:50:22 -0000

Document: draft-nir-cfrg-rfc7539bis-00
Reviewer: Stanislav Smyshlyaev
Review Date: 2017-01-19

The purpose of the document is to address a set of of errata for RFC 7539.
It has been done systematically and correctly - all errata have been
addressed.

RFC 7539 is an extremely important document providing some
(optional/"standby") diversity, so, I totally support the work and the
adoption of the new rfc7539bis as a CFRG document.

My only concerns related to the changes are the following (these two have
already been spotted by Russ Housley and John Mattsson):
- there are no changes in the Security Considerations section, while the
abstract says they should be.
- Capital "T" in the beginning of the second sentence of the abstract.

Also in the updated version I'd prefer to see an updated list of the papers
on ChaCha:
the ideology of the RFC is to give the alternative (e.g. as a standby
cipher) to AES in the protocols, so an up-to-date relevant list of
publications on the alternative algorithms would be helpful. Maybe the
authors have
thought on this and have come to a conclusion that no update is needed
though.

Some editorial comments, related to the original RFC:
1) "Professor Bernstein's paper" -> "[ChaCha]".
2) Section 2.5: do we really need a c-code (together with #include...)
instead of pseudocode here?
3) To add to the Russ Housley's list of unnecessary bullets and line
numbers: are "@@@" needed in A.5?
4) For "+", "^" and "<<<" definitions are given and for "|" (again -
already spotted by Russ) and for "&" they are not - some revision here
would be helpful.

And one more minor comment: the statements in 2.7 about the PRFs may be
more accurate, if instead of (or in addition to) informal words (about HMAC
that are used as PRF and that Poly1305 should not) references to the formal
PRF property and papers with proofs of HMAC would be given.

Nevertheless, in my opinion, the document is very close to being ready and
should be adopted by CFRG (after these minor corrections).

Best regards,
Stanislav V. Smyshlyaev, Ph.D.,
Head of Information Security Department,
CryptoPro LLC


2017-01-18 21:30 GMT+03:00 Russ Housley <housley@vigilsec.com>om>:

> Document: draft-nir-cfrg-rfc7539bis-00
> Reviewer: Russ Housley
> Review Date: 2017-01-19
>
> Summary: Almost Ready
>
> Major Concerns:
>
> The Abstract says that there are additions to the Security
> Considerations; however, I do not see a difference between the
> Security Considerations in this document and RFC 7539.
>
>
> Minor Concerns:
>
> In Section 2.3.1, please add a sentence to define the "|" operator
> in a manner similar to the definition for "+" in Section 2.1.
>
>
> Nits:
>
> Abstract: s/any new crypto/any new cryptographic mechanisms/
>
> Section 2.1 uses "rotation" and "roll" to describe the same operation.
> Please pick one term.
>
> In Sections 2.1 and 2.3, I do not think that the line numbers aid the
> reader. I think that simple indention would be better.
>
> In Sections 2.1 and 2.1.1, I do not think that the bullets aid the
> reader.  I think that simple indention would be better.
>
> Section 2.5.1 includes: r = (le_bytes_to_num(key[0..15]).
> I think you want to drop the leading parenthesis.
>
> In Author's address, please capitalize "st."
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>