Re: [Cfrg] On Dragonfly
David McGrew <mcgrew@cisco.com> Thu, 06 February 2014 13:15 UTC
Return-Path: <mcgrew@cisco.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BEFD1A03C4 for <cfrg@ietfa.amsl.com>; Thu, 6 Feb 2014 05:15:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.036
X-Spam-Level:
X-Spam-Status: No, score=-15.036 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qbO0Zo7FSrEt for <cfrg@ietfa.amsl.com>; Thu, 6 Feb 2014 05:15:44 -0800 (PST)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) by ietfa.amsl.com (Postfix) with ESMTP id 2BF7D1A03C3 for <cfrg@irtf.org>; Thu, 6 Feb 2014 05:15:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3697; q=dns/txt; s=iport; t=1391692543; x=1392902143; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=B9GO3Xad1/E2jDlBUfchhCyXeOFRqVmMwCSIH7rtFcw=; b=OqxjT+GfBkL6OtdeFGrITCxb8px+A5C9iBGOkLJmoMsmUxf1srJV0n0C 7EIrCaZAQr158o4xOGed1fKV6YOhZ+2j55+40X4q98wBudy5vvN/NKOMn nt4YDrUeTozpYtgi/uzCJ4m8CsZF2Mpxje2hGjpsvVLeFtZIDMwD3C3Vy w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlgFAM+K81KtJV2Z/2dsb2JhbABZgww4v0iBChZ0giUBAQEDAQEBATU2BQUBBQsLGAkPBw8JAwIBAgEVMAYNAQUCAgULh2kIDc40F4xVKIEbEQFQBxiEIASJSY5ihkiLWYNLHoE1
X-IronPort-AV: E=Sophos;i="4.95,793,1384300800"; d="scan'208";a="302282868"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-5.cisco.com with ESMTP; 06 Feb 2014 13:15:33 +0000
Received: from [10.0.2.15] (rtp-mcgrew-8913.cisco.com [10.117.10.228]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id s16DFW32010341; Thu, 6 Feb 2014 13:15:32 GMT
Message-ID: <52F38AF4.9020509@cisco.com>
Date: Thu, 06 Feb 2014 08:15:32 -0500
From: David McGrew <mcgrew@cisco.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: Watson Ladd <watsonbladd@gmail.com>
References: <CACsn0cka27S6rnBhpS4-BK02X=sUu2wQG=6jsC9K30BQD2YRBQ@mail.gmail.com>
In-Reply-To: <CACsn0cka27S6rnBhpS4-BK02X=sUu2wQG=6jsC9K30BQD2YRBQ@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] On Dragonfly
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2014 13:15:47 -0000
Thanks Watson, On 02/05/2014 11:19 AM, Watson Ladd wrote: > Dear all, > First let me apologize to Paul Lambert. My remark on his cryptographic > capabilities was uncalled for, and detracted from my argument, and I > am sorry to have said it. Unfortunately it will remain as a monument > to human frailty forever on the internet. (insert commas ad libertam) it is notoriously difficult for an online group forum to maintain an even temper, because text does such a poor job of communicating emotional nuances that are so important in social cues. > > Secondly, I was unaware that there was a strong presumption in favor > of RFC publication of any protocol. Not "any protocol". The question with dragonfly is: should we leave the draft as it is, or improve it and document the security considerations accurately? The latter choice clearly does better by the Internet community. > I do not think this presumption is > wise, but that is for another day. > > Thirdly, let me clearly explain where I now stand on Dragonfly, after > discovering what kind of reduction is possible. > > Dragonfly requires that each password element be used between a single > pair of nodes, who > have only one outstanding exchange between them. This requirement is > surprising, and Dan Harkins agrees it should go in the draft. > > In the ROM, given that, we can reduce to Dragonfly between two nodes, > with a strict ordering of interactions, and I believe this can be > reduced to some reasonable computational assumption. I haven't done it > yet, so I don't know what that assumption looks like. My belief that > this wasn't possible was due to a slide of Dan's from IETF 88 which > was completely wrong: just because something similar doesn't reduce, > doesn't mean the protocol you actually make reduces! I should have > read it as a challenge, not a limitation, earlier. This removes my > biggest objection. Very cool, I look forward to hearing more on this. > > Anyway, I don't have much more to say on the issue. I do think that > the earlier IEEE standardization, followed by several IETF protocols > supporting, and only now a decent analysis, raises significant > questions as to the prudent exercise of cryptographic engineering. I > would be quite dismayed to learn that a bridge I go over every day was > only now being examined to determine if it was designed to support the > weight of traffic. I agree, there are lessons that could be learned, and what interests me most is how CFRG could improve the process. I would love to see some recommendations or considerations get written up. There are a lot of different and useful perspectives and backgrounds in CFRG. You had suggested at some point writing up a draft on security models and proofs, which could be part these recommendations. I would like to hear from others on what they think about this. (Note: I'm not asking you to start writing a draft, I just wanted to re-start the discussion on this point.) We also have the option of engaging more with standards activities in IETF. Many individuals on the list are so engaged, but on the other hand, the academically oriented people on the list likely do not follow those standards activities. Would it be useful to have a summary of new standards activities that use crypto get presented to CFRG? I would guess that we could find volunteers to put together a presentation or a long email on that topic. David > Sincerely, > Watson Ladd > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg >
- [Cfrg] On Dragonfly Watson Ladd
- Re: [Cfrg] On Dragonfly David McGrew