[CFRG] Re: I-D Action: draft-irtf-cfrg-rsa-guidance-01.txt
"Riad S. Wahby" <rsw@jfet.org> Fri, 06 September 2024 05:31 UTC
Date: Fri, 06 Sep 2024 01:31:50 -0400
From: "Riad S. Wahby" <rsw@jfet.org>
To: Alicja Kario <hkario@redhat.com>
CC: cfrg@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ZIun2ErQNW7fjlNp0eWTzn0bjno>

Hello,

With apologies for wading in while short on both context and sleep:

Alicja Kario <hkario@redhat.com> wrote:
> RSA key generation is a very rare occurrence, so it's easier to just
> do it offline, on a trusted system, than to work to make it side
> channel safe. So, no, I consider it out of scope.

This strikes me as an assumption that makes things clean on paper but
messy in the real world. I can imagine lots of users taking one look
at the operational hassle of offline generation and saying "not worth
it."

An alternative take: RSA key generation is a very rare occurrence, so
it does not have to be particularly fast. Thus, we can afford to spend
significant computational resources on attenuating the side channels.
(Well, and implementation time, etc.)

I'll stress again that I could be entirely mistaken about the context.
But my experience has been that users of all stripes are pesky and
tend to do what is easiest for them. And a subset of those users will
not correctly decide which system should be trusted for offline
generation.

Take this drive-by opinion for what (very) little it is worth :)

Cheers,

-=rsw