Re: [CFRG] Please review draft-ietf-drip-rid

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 17 September 2021 19:11 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "Riad S. Wahby" <rsw@jfet.org>
CC: Michael Scott <mike.scott=40miracl.com@dmarc.ietf.org>, "<cfrg@ietf.org>" <cfrg@ietf.org>
Date: Fri, 17 Sep 2021 19:10:56 +0000
Message-ID: <A3231C7A-6DA6-47A9-96B7-0A90339EFB7F@ll.mit.edu>
References: <03b5ea0e-cf1a-8edf-d642-2fb4b2e458fd@htt-consult.com> <CACsn0ckZbA4=Xe+Lc1w5bc5os8Ekeh9q7AAxknknwrrBZ0R-KQ@mail.gmail.com> <E0D027B0-089E-4402-BD65-38ADEABC3351@ll.mit.edu> <CAEseHRoH941WndaQmL8F=4w6BLkfjCaxa8mKP14bjNUEz2MRfw@mail.gmail.com> <00DA2E69-D80A-4CA7-B744-97B30F237501@ll.mit.edu> <20210917184114.4gnz7g4dl7euf5po@kaon.local>
In-Reply-To: <20210917184114.4gnz7g4dl7euf5po@kaon.local>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/cLEmOW5jPqL3AWF_fBHCoOWGY1A>

On 9/17/21, 14:42, "Riad S. Wahby" <rsw@jfet.org> wrote:

>    Hello Uri,
>
>    As I've said privately, I appreciate your position even though
>    I disagree with it. But this thread seems to be going in a slightly
>    concerning direction:
>
>    "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> wrote:
>    > While we both understand that I am not a spokesman for such a group,
>    > as nobody appointed or authorized me to do so – IMHO, this group
>    > would include all the US Government, all the vendors who sell
>    > to US Government, and probably same contingent for other countries.
>
>    The "some of us" context here was "Ed25519 is not acceptable".
>
>    Broadening this to include morally equivalent (PQ-wise) cryptography
>    (e.g., the NIST curves, ECDSA, ...), it seems pretty clear that the
>    official position of the US Government is that such cryptosystems
>    *are* acceptable. After all, they are in-use and recommended.

Acceptable as *new* designs? I'm not a spokesman for the US Government, but I doubt that. For reasons listed below. 

Acceptable as part of "sustainment"? E.g., a new email client that does good old RSA-based S/MIME? Very likely yes - but that's not what CFRG does, is it?


>    Perhaps once the current NIST competition concludes we will see a quick
>    shift to PQ cryptosystems as sole recommendations. But I doubt this
>    very much: experience tells us that breaking newly deployed and
>    not-yet-well-understood cryptosystems is much easier than building
>    crypto-threatening quantum computers.

Well, none of us can build a crypto-threatening quantum computer yet, I agree. Can you break, e.g., SABER (if it's that much easier ;)?

Once NIST PQC publishes its first PQ standards (Jan 2022), we'll see if recommendations change then.


>    So: I do not think it is correct to claim the USG and its subsidiaries
>    as ideological allies here.

I cannot claim anybody as "ideological allies". I'm appealing to common sense here.

Designing and standardizing a new protocol takes time. So does creating commercial implementation(s) - once the protocol is reasonably stable. Once there is a product, it needs to gain some market share. Again, time.

From the time this is done, and until the time some other (e.g., quantum) technology or science makes this product obsolete and vulnerable - is the actual "useful lifetime" of this "new thing". And I'm saying that investing in something that may have only a few years of "useful lifetime" is not worth it.

Question to all: I understand it's fun to design new things, and it's fun to publish something - but how long should the *expected* "useful lifetime" of "it" be for the effort to actually make sense (and bring benefits other than adding to a list of pubs)?


My personal experience - recently came up with a new protocol (details are irrelevant here, and not of interest to the wide audience), and was asked to make sure it is quantum-resistant. 


>    .  .  .  .  .
>    This argument does not seem productive: essentially all cryptography
>    is based on hardness assumptions that have not been proved or disproved
>    (and, given our current knowledge, seem unlikely to be). If we accept
>    the above argument, the logical conclusion seems to be "disband CFRG".

You equate "make new designs quantum-resistant" with "let's disband CFRG"??? Hmm...