[Cfrg] Please stop the UMAC posts!

Ted Krovetz <tdk@acm.org> Tue, 04 October 2005 21:38 UTC

In-Reply-To: <200510041609.JAA23448@csus.edu>
References: <200510041609.JAA23448@csus.edu>
Message-Id: <0CFF82A0-D2C2-4832-836C-E8DDF9E704DF@acm.org>
From: Ted Krovetz <tdk@acm.org>
Date: Tue, 04 Oct 2005 14:38:30 -0700
To: cfrg@ietf.org

Fellow sufferers,

By now, and perhaps for quite some time, we have all had enough of  
these endless UMAC posts. They seem to be characterized by Bernstein  
flinging mud (or something rather smellier) at UMAC and its authors,  
and us feeling obliged to respond because UMAC is in IESG review.

Today is the date of the original 4-week timeout that the RFC editor  
placed on the IESG for UMAC comments. In that spirit I ask, please,  
Russ Housley, or whoever else has the authority to end this madness,  
please close the comment period so that we can all get on with our  
lives. (Hugo humorously has called Bernstein's posts a
denial-of-service attack on all of us.)

An internet draft is not a place to state formal theorems; it is a  
document to specify a technology. In the case of security mechanisms,  
it is desirable (and seldom done) to provide some information about  
the results backing up the proposed mechanisms. UMAC has done this,  
providing much more information and accuracy than most I-Ds (and  
RFCs) do. It has never been our intention to provide mathematical  
statements in this document. Those are provided in scientific papers  
and referred to in the I-D. We have lately added clarifications on  
the insignificance of the birthday bounds, since this was not  
included in the UMAC publications, which only talked about PRFs.  
Shortly we will put a note on the UMAC web page to document a sample  
sequence of claims that can be used to conclude the stated UMAC  
bounds starting from a PRP (instead of starting with a PRF, as in our  
original work).

At this point it needs to be stated clearly and unequivocally that  
our explanations and descriptions of UMAC in the I-D have always been  
honest, fair, and accurate. None of the "errors" pointed out by  
Bernstein have been problematic issues; the complaints seem mostly to  
be aimed to discredit the scheme and its authors. We have been  
incredibly patient in responding to these calumnious allegations.  
Where a worthy complaint was made concerning the missing prf-to-prp  
argument, we verified that it was not an issue, added a comment in  
the I-D, and, as we said, we'll drop a note to the UMAC web page to  
document the (easy) sequence of steps one needs to conclude the given  
bounds. The rest has just been tiresome personal attacks, plaguing  
this list with a lot of unpleasantness.

Our patience has limits and we cannot keep answering to every  
fabricated piece of "evidence" by Bernstein against UMAC and its  
authors. So as long as there are no further *substantial* comments,  
we will ignore further postings by this person.

We request IESG consideration for RFC publication of the current UMAC  
draft.

Thank you,
Ted Krovetz

PS -- As for Bernstein's latest attempt to make mud stick? Krovetz's  
thesis does have a stated bound of 3*2^(-32) + 2^(-33). This is true.  
But, perhaps Bernstein does not understand how bounds work? They can  
be correct and loose at the same time. The bound is correct, but not  
as tight as could be. It collects terms to be more readable and has  
2^-32 too much because the thesis version referred to signed  
multiplication in the first-layer hash. A tighter bound is 2^-31 +  
2^-34 + 2^49, which works fine without exceeding the 2^-30n bound  
stated in the I-D.

I pointed this out to him on this list Sep 28, so it looks like  
Bernstein is so desperate he is even flinging the same discredited  
mud twice!

