Re: [Cfrg] CFRG and thwarting pervasive monitoring

Paul Lambert <> Mon, 30 December 2013 19:06 UTC


On 12/29/13, 1:12 PM, "Paul Hoffman" <> wrote:

>On Dec 29, 2013, at 11:12 AM, Stephen Farrell <>
>> . . .
>> I would love to see ongoing detailed work within
>> CFRG as to how to counter pervasive monitoring.
>Wearing your perpass hat, how can CFRG help? I ask this because I have
>seen little on the perpass mailing list that indicated that even a minor
>problem has been lack of crypto, or the use of crypto that is thought to
>be breakable. What type of crypto research or assessment would help

In the past I've never considered CFRG a viable discussion forum for
making an impact by creating or approving new algorithms ... but if it is:

	We need an 'approved' nonce-insensitive AEAD algorithm.

I'm designing multicast communications in a mesh topology and CCM and GCM
suffer from N^2 complexity (since they require a unique nonce/key).  Yes ...
there are ways that some link proposals like 802.1AE mitigate the issue
using device addresses as part of the key setup.  The best solution is a
nonce-insensitive AEAD.

We already have an RFC for SIV which is deterministic and a decent
solution, but it is not 'NIST' approved, so I have problems introducing it
into consumer equipment.  It's also a little slow ... but I'm not sure that
efficiency should be the primary evaluation criterion.

I've asked NIST in the past and they have expressed no interest in the
problem.  It used to be very important for algorithms to be NIST approved.
Do we need to find/create a new review and approval process for
algorithms that can be referenced by commercial products?


>Note that deprecating the use of crypto that is widely known to be broken
>is the purview of IETF WGs, not the CFRG. The relevant WGs (particularly
>TLS) seem to already be doing that.
>--Paul Hoffman