Re: [Cfrg] Citing specs in specs
Paul Lambert <paul@marvell.com> Sun, 02 March 2014 22:41 UTC
Return-Path: <paul@marvell.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB81A1A099D; Sun, 2 Mar 2014 14:41:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.567
X-Spam-Level:
X-Spam-Status: No, score=-1.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PhU97Xc67Erl; Sun, 2 Mar 2014 14:41:44 -0800 (PST)
Received: from mx0a-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by ietfa.amsl.com (Postfix) with ESMTP id DF4FA1A07CA; Sun, 2 Mar 2014 14:41:44 -0800 (PST)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.14.5/8.14.5) with SMTP id s22Mfdff025800; Sun, 2 Mar 2014 14:41:39 -0800
Received: from sc-owa01.marvell.com ([199.233.58.136]) by mx0a-0016f401.pphosted.com with ESMTP id 1jbctpnjgt-284 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Sun, 02 Mar 2014 14:41:36 -0800
Received: from SC-vEXCH2.marvell.com ([10.93.76.134]) by SC-OWA01.marvell.com ([10.93.76.21]) with mapi; Sun, 2 Mar 2014 14:41:05 -0800
From: Paul Lambert <paul@marvell.com>
To: Watson Ladd <watsonbladd@gmail.com>
Date: Sun, 02 Mar 2014 14:41:03 -0800
Thread-Topic: [Cfrg] Citing specs in specs
Thread-Index: Ac82aH6lreVgle/bQLGnnXZhDmMtSg==
Message-ID: <CF38F2D4.33940%paul@marvell.com>
References: <530FDC7A.4060404@cisco.com> <CABqy+srTqCXjOR4DMNgWyxf2pZ7dwZfWyznhBuJaY5w8VeuR4Q@mail.gmail.com> <5310B12E.4070603@cisco.com> <CABqy+srrbtdHOckjPqTj5SFuQwQEqXBjgc8kwagMi8E6ZRf=qg@mail.gmail.com> <28A7736F-A791-4552-8D42-DB99AC7B7F9B@vpnc.org> <CF37EA5F.338D8%paul@marvell.com> <CACsn0cmewBrOzaRF5XXC1p1A_gUSwkdE1_7V-1x8nta-ESyA+A@mail.gmail.com>
In-Reply-To: <CACsn0cmewBrOzaRF5XXC1p1A_gUSwkdE1_7V-1x8nta-ESyA+A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.9.131030
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.87, 1.0.14, 0.0.0000 definitions=2014-03-02_02:2014-02-28, 2014-03-02, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1403020154
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/dvZRDQgwBipZhPlmCKow8rhEL1o
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [Cfrg] Citing specs in specs
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Mar 2014 22:41:47 -0000
On 3/2/14, 10:38 AM, "Watson Ladd" <watsonbladd@gmail.com> wrote: >(Moving to TLS because that is where this draft is) > >On Sat, Mar 1, 2014 at 8:02 PM, Paul Lambert <paul@marvell.com> wrote: >> >> The curve25519 is NOT a good normative reference IETF protocols. >> It¹s useful as an informative reference on the curve >> Selection, but lacks clarity and completeness on >> implementation details. > >Since when does a normative reference contain implementation details? > >IEEE 745 doesn't, RnRS doesn't, the ANSI C standard doesn't, POSIX >doesn't, etc. This doesn't affect being able to judge compliance which >is the normative function of a spec. > >If you want RFCs, try writing a NTP protocol implementation (that is, >a client that keeps track of the current time accurately) without >understanding PLL control theory. This isn't in the spec at all, but >is completely necessary to get a functioning implementation. > >Furthermore, the Curve25519 paper describes a very clever >implementation in great detail. > >> >> One of the main reasons 25519 is popular is that a nicely optimized >> open source library is available for some of the more >> Useful curve functions. >> >> >> On 3/1/14, 9:21 AM, "Paul Hoffman" <paul.hoffman@vpnc.org> wrote: >> >>>[[ Subject line changed to be relevant to the discussion ]] >>> >>>On Mar 1, 2014, at 4:16 AM, Robert Ransom <rransom.8774@gmail.com> >>>wrote: >>> >>>> On 2/28/14, David McGrew <mcgrew@cisco.com> wrote: >>>>> I am wary of relying on the curve25519 paper as a normative >>>>>reference. >>>>> Perhaps your goal here is to provide an informational document (the >>>>> draft that you mention above) that offers implementation guidance, >>>>> instead of a normative reference? >>>> >>>> RFC 4492 (ECC ciphersuites for TLS) cites ANSI X9.62, IEEE 1363, and a >>>> few documents labeled as Œstandards¹ by the corporations which >>>> authored them as normative references. It cannot be implemented >>>> without the information in ANSI X9.62 and IEEE 1363. ANSI X9.62 is >>>> available from ANSI for 100 USD; IEEE 1363 is available from ANSI for >>>> 168 USD. >>> >>>I have been told by implementers that you can implement RFC 4492 just >>>fine without those references, only with [SECG]. What information in the >>>ANSI and IEEE spec do you feel is needed to implement 4492? >> >> We should be working here to document Edwards/Montgomery curves to >> the same level of clarity as the SECG documents. Perhaps we >> could be even more concise and complete - SECG left out >> details of most optimizations. >> >> My favorite examples of clarity are: >> http://www.nsa.gov/ia/_files/nist-routines.pdf >> >> http://www.nsa.gov/ia/_files/SuiteB_Implementer_G-113808.pdf >> >> Right now there is no equivalent documentation as the nist-routines.pdf >> for Edwards/Montgomery curves. > >So your argument is that until such a document is written, the IETF >should not approve any RFC containing such a curve because absent such >a document, the specification is unclear? No - I’m asking that an RFC be well written and contain enough information to implement the RFC. Paul >I disagree: the information >you demand to be placed into the spec can be figured out in a few days >of research in the library. There are numerous standard references on >bignum arithmetic, and given this with the paper of Montgomery, there >is nothing else that is needed to write an implementation that is >correct. > >Sincerely, >Watson Ladd >> >> Paul >> >>> >>>> It is true that the author of the Curve25519 paper is neither a large >>>> corporation nor an organization with ³Standards² in its name, and did >>>> not label Curve25519 as a Œstandard¹ in the paper's title. However, >>>> the Curve25519 scalar multiplication function specified in the paper >>>> became a Œstandard¹, in the sense which IETF claims to use the word, >>>> when software developers came to the rough consensus that it was a >>>> good cryptographic primitive to use, and wrote and deployed running >>>> code which implements it. >>> >>>That is not the sense which the IETF claims to use the word. >>> >>>> The Curve25519 paper is available for free >>>> from the URL <http://cr.yp.to/ecdh/curve25519-20060209.pdf>. >>>> >>>> What is your objection to using the Curve25519 paper as a normative >>>> reference for the standard Curve25519 scalar multiplication function? >>> >>>The paper is at a URL; the contents of that URL can change any time. >>>RFCs >>>can sometimes make normative reference to URLs that seem very stable, >>>and >>>Dan's might or might not be. Dan has a history of poking at the IETF >>>(sometimes for good reason), so it is quite believable that he might >>>change the contents of that URL just to make a point. Having a more >>>stable reference would clearly be better. >>> >>>--Paul Hoffman >>>_______________________________________________ >>>Cfrg mailing list >>>Cfrg@irtf.org >>>http://www.irtf.org/mailman/listinfo/cfrg >> >> _______________________________________________ >> Cfrg mailing list >> Cfrg@irtf.org >> http://www.irtf.org/mailman/listinfo/cfrg > > > >-- >"Those who would give up Essential Liberty to purchase a little >Temporary Safety deserve neither Liberty nor Safety." >-- Benjamin Franklin
- [Cfrg] tentative agenda for CFRG at IETF 89 David McGrew
- Re: [Cfrg] tentative agenda for CFRG at IETF 89 Robert Ransom
- Re: [Cfrg] tentative agenda for CFRG at IETF 89 David McGrew
- Re: [Cfrg] tentative agenda for CFRG at IETF 89 Robert Ransom
- [Cfrg] Citing specs in specs Paul Hoffman
- Re: [Cfrg] Citing specs in specs Watson Ladd
- Re: [Cfrg] Citing specs in specs Paul Hoffman
- Re: [Cfrg] tentative agenda for CFRG at IETF 89 David McGrew
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs Watson Ladd
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs S Moonesamy
- Re: [Cfrg] Citing specs in specs Watson Ladd
- Re: [Cfrg] Citing specs in specs Jon Callas
- Re: [Cfrg] [TLS] Citing specs in specs David McGrew
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs Watson Ladd
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs Watson Ladd
- Re: [Cfrg] [TLS] Citing specs in specs David McGrew
- Re: [Cfrg] [TLS] Citing specs in specs Paul Lambert
- Re: [Cfrg] [TLS] Citing specs in specs Watson Ladd