IETF Logo Mail Archive

Re: [Cfrg] RFC 5742 conflict review for draft-dolmatov-kuznyechik

Yoav Nir <ynir.ietf@gmail.com> Thu, 04 February 2016 20:38 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC46B1AD1EE for <cfrg@ietfa.amsl.com>; Thu, 4 Feb 2016 12:38:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5dcmNvWTUcGl for <cfrg@ietfa.amsl.com>; Thu, 4 Feb 2016 12:38:55 -0800 (PST)
Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7686F1AD1EC for <cfrg@irtf.org>; Thu, 4 Feb 2016 12:38:55 -0800 (PST)
Received: by mail-wm0-x236.google.com with SMTP id g62so21951303wme.0 for <cfrg@irtf.org>; Thu, 04 Feb 2016 12:38:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=7FRdQwMm9oXMqULQxkS/HdOn9VVhkeKGYkKbjvLeBzU=; b=wQMkfPa/84yzUA9QxCyIteJLtNfA9rKkIAHelbC9v0DLCw0C/kK8iPbMd2mXQATtq0 DkNvCHWKfwSrBN8mrQA9uofnGAml6xS6L4XjdDRpEFte6uVts6HNrj4jmwoO9pv9pURG 4WLyo63eWmcWSslgY3zwSHSUW7SFwCYbNq9opIsnMv5mw/bxXq+oXKrygOP+mPpNE8vr SnBYOPjsUMkoMVrtgpnKWwsS61exfukdfxfl3Nkqbwe7+jPq/e78CKPXQPbGGKVh96uT y4LXR3gqZvpWXec+/Xt10NbBYLWx6yxWwd10VUZ46sLxur86bKqd6WjSVGFVMDgjMC4D 2SYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=7FRdQwMm9oXMqULQxkS/HdOn9VVhkeKGYkKbjvLeBzU=; b=GNNuxALbPqahFNQCiCUlk93N9VvHj55wvMPWkNtrM33RItKT7JI7n1DkE+Lq/1CxfX mZsIbGC5WJlU3ezhhmyV+XWdO0vfd1sjuSv8eAl2bJBVOkoBYNRrogPO4SqBu2dVHB5u 2nyTu+bqUgRAovdnzXBQvngeW2Ck2doUUwKs0/PyzClqnwd+FEbv11v9JgOsu7A/hHk5 YjIUCKkVm0u2jJ3A0zNsQ/jBDrza8q/SxNRhcFQ3RC/anyPjhvneVyWeylHU//wRmLaX VTK9/LO7lTMpzxtsfssHEysHAMmEqEcQpRihncXtWLYjbTPykskcZKigWDDBVP90G+1Q Bwjw==
X-Gm-Message-State: AG10YORy7ay8RuqiUsM0lP70wiABZeWgsdxYq4LUFQVGS698jqkGh+2sFmuz/+x3CjP7Lg==
X-Received: by 10.194.20.105 with SMTP id m9mr10046949wje.161.1454618334007; Thu, 04 Feb 2016 12:38:54 -0800 (PST)
Received: from [192.168.1.13] ([46.120.13.132]) by smtp.gmail.com with ESMTPSA id 198sm14356159wml.22.2016.02.04.12.38.52 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 04 Feb 2016 12:38:53 -0800 (PST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_16B4DCE3-2BC9-46F8-B5F9-CC1EA4DFFFFB"
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CACsn0c=OcJP6jzne9hHp67U6ZVpBssK1y=4zu1UW8+V=brUF0w@mail.gmail.com>
Date: Thu, 04 Feb 2016 22:38:50 +0200
Message-Id: <C30CC9F8-BB06-44CB-A335-B305DCBA3502@gmail.com>
References: <4A631584-C0F1-4AFC-A51D-155C34415413@isode.com> <D2D64C5B.61B8F%kenny.paterson@rhul.ac.uk> <CADqLbz+b-YQ10d6d5_GHN+r7ETWobQgq+skPyXQSdUGG1dBDqQ@mail.gmail.com> <CACsn0c=ErkJLja7QUbA06V7vH-KPR_MpTcPhPyrKfyV02bxq-w@mail.gmail.com> <D2D65F65.266E2%uri@ll.mit.edu> <87a8nix2od.fsf@latte.josefsson.org> <D2D68F83.26762%uri@ll.mit.edu> <871t8uw0sb.fsf@latte.josefsson.org> <D2D78DD6.2680E%uri@ll.mit.edu> <b0a5edfea0df3670d5526d488dc731d1.squirrel@www.trepanning.net> <CACsn0c=OcJP6jzne9hHp67U6ZVpBssK1y=4zu1UW8+V=brUF0w@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/eqbhYOUm-k95M4S4vkrTJ5BQIMA>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] RFC 5742 conflict review for draft-dolmatov-kuznyechik
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 20:38:58 -0000

> On 4 Feb 2016, at 9:00 PM, Watson Ladd <watsonbladd@gmail.com> wrote:
> 
> 
> On Feb 4, 2016 9:18 AM, "Dan Harkins" <dharkins@lounge.org <mailto:dharkins@lounge.org>> wrote:
> >
> >
> > On Wed, February 3, 2016 8:09 am, Blumenthal, Uri - 0553 - MITLL wrote:
> > > On 2/3/16, 5:23 , "Simon Josefsson" <simon@josefsson.org <mailto:simon@josefsson.org>> wrote:
> > >
> > >>   The cryptographic algorithms specified in this Standard are designed
> > >>   both for hardware and software implementation.  They comply with
> > >>   modern cryptographic requirements, and put no restrictions on the
> > >>   confidentiality level of the protected information.
> > >>
> > >>   The Standard applies to developing, operation, and modernization of
> > >>   the information systems of various purposes.
> > >>
> > >>To me this suggests broad applicability.
> > >
> > > Frankly, I don't see why "it" (those other-than-AES algorithms)
> > > shouldn't
> > > be "broadly applicable". AES is mandatory to implement to provide
> > > interoperability. There's nothing inherently holy about it. If two
> > > communicating entities (which both must have AES support to be compliant)
> > > happened to implement, e.g., Camellia, and want to communicate using it -
> > > it's not my business (and not your business) to tell them not to.
> >
> >   Amen! Agree. +1 and all that.
> 
> Is that what actually happens? Or do administrators and programmers have no clue about which primitives are secure, and assume that the protocols will provide security no matter how configured? We can also add in the disaster that is the usual API for using these standards, thanks to all the complexity that implementations feel a need to offer.
> 
> 

That depends on the administrators and on the programmers. For example, and administrator in Russia whose systems transmit data that the law requires to be encrypted (financial, medical, personnel records, anything to do with strategic industries like oil, gas, and munitions) is going to follow the law and configure GOST-approved algorithms such as kuznyechik regardless of how she feels about the merits of Kuzneychik vs AES or ChaCha20. A programmer who maintains the TLS or IPsec or SSH implementation for such an administrator will include these algorithms in the product.  

Similarly an administrator for a hospital or HMO in the United States is bound by HIPAA to use best practices to protect the data, and although HIPAA does not prescribe specific algorithms, or even encryption at all, such an administrator is likely to configure NIST-approved algorithms and perhaps choose a product that has FIPS certification to avoid liability.

Other administrators might use whatever is the default in the library or product that they use. That leads programmers to optimize the defaults for maximum interoperability, which is why it’s taking so long to get rid of things like RC4 and MD5.

Yoav

v2.23.0 | Report a Bug | By Email