IETF Logo Mail Archive

Re: [Cfrg] RFC 5742 conflict review for draft-dolmatov-kuznyechik

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 03 February 2016 16:10 UTC

Return-Path: <prvs=184156f749=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CED61AD23D for <cfrg@ietfa.amsl.com>; Wed, 3 Feb 2016 08:10:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, RP_MATCHES_RCVD=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GS9c6lElmj0L for <cfrg@ietfa.amsl.com>; Wed, 3 Feb 2016 08:10:01 -0800 (PST)
Received: from llmx2.ll.mit.edu (LLMX2.LL.MIT.EDU [129.55.12.48]) by ietfa.amsl.com (Postfix) with ESMTP id 139D61AD244 for <cfrg@irtf.org>; Wed, 3 Feb 2016 08:10:00 -0800 (PST)
Received: from LLE2K10-HUB02.mitll.ad.local (LLE2K10-HUB02.mitll.ad.local) by llmx2.ll.mit.edu (unknown) with ESMTP id u13G9jjY017819; Wed, 3 Feb 2016 11:09:45 -0500
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Simon Josefsson <simon@josefsson.org>
Thread-Topic: RFC 5742 conflict review for draft-dolmatov-kuznyechik
Thread-Index: AQHRXmzb30kDskQEAUONwvQsGzEE458afcWA
Date: Wed, 03 Feb 2016 16:09:58 +0000
Message-ID: <D2D78DD6.2680E%uri@ll.mit.edu>
References: <4A631584-C0F1-4AFC-A51D-155C34415413@isode.com> <D2D64C5B.61B8F%kenny.paterson@rhul.ac.uk> <CADqLbz+b-YQ10d6d5_GHN+r7ETWobQgq+skPyXQSdUGG1dBDqQ@mail.gmail.com> <CACsn0c=ErkJLja7QUbA06V7vH-KPR_MpTcPhPyrKfyV02bxq-w@mail.gmail.com> <D2D65F65.266E2%uri@ll.mit.edu> <87a8nix2od.fsf@latte.josefsson.org> <D2D68F83.26762%uri@ll.mit.edu> <871t8uw0sb.fsf@latte.josefsson.org>
In-Reply-To: <871t8uw0sb.fsf@latte.josefsson.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.9.151119
x-originating-ip: [172.25.177.51]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3537342591_185208"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-02-03_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=inbound_notspam policy=inbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1601100000 definitions=main-1602030279
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/ewuH13cR_HRXfXOBEDPPLMPSeck>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] RFC 5742 conflict review for draft-dolmatov-kuznyechik
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2016 16:10:03 -0000

On 2/3/16, 5:23 , "Simon Josefsson" <simon@josefsson.org> wrote:

>"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> writes:
>>>>I see a problem with publishing descriptions of national ciphers
>>>>without
>>>guidance on suitable use and relevant applicability statements.
>>
>> The only guidance I see is: if you need "it" or are required to use
>>"it" -
>> do so, but be aware that people outside of your policy domain may not
>> interoperate with you using “it” because they may not have “it”
>> implemented. Implementing “it” is not required to be <whatever
>> protocol>-compliant.
>
>Where do you see this guidance?  I can't find anything like that in the
>draft.  

Ach… I meant “I see” like “I envision”, not like “it’s already in the
document”. :-(

>   The cryptographic algorithms specified in this Standard are designed
>   both for hardware and software implementation.  They comply with
>   modern cryptographic requirements, and put no restrictions on the
>   confidentiality level of the protected information.
>
>   The Standard applies to developing, operation, and modernization of
>   the information systems of various purposes.
>
>To me this suggests broad applicability.

Frankly, I don’t see why “it” (those other-than-AES algorithms) shouldn’t
be “broadly applicable”. AES is mandatory to implement to provide
interoperability. There’s nothing inherently holy about it. If two
communicating entities (which both must have AES support to be compliant)
happened to implement, e.g., Camellia, and want to communicate using it -
it’s not my business (and not your business) to tell them not to.

>I would expect to find a discussion on applicability in the Introduction
>or in the Security Considerations.

Introduction - yes.

Security Considerations??? That would apply if there were specific
weaknesses or vulnerabilities exposed by using the given algorithm - in
which case you want to inform the reader/implementor of what those are,
and how best to avoid/mitigate them. In the given case, for all we know
these ciphers are as good as AES. Unless you found (or have read about) an
attack and care to share it here..?

So AFAIS the only thing one can add there (and stay honest/unbiased) is
something like “this algorithm is relatively new, and enjoyed less
attention of the cryptographic community and academia than AES. Thus it is
likelier that a problem could be found in it, than in AES who has been
under scrutiny for the last 16 years."

>For those who didn't read, the security considerations is:
>
>   6.  Security Considerations
>
>   This entire document is about security considerations.
>
>Which leaves a lot to desire.

Hmm, yes. See above - would that make you happier? ;)


>>Do you envision some other kind of guidance?
>
>Yes, see the last paragraph of:
>https://www.ietf.org/mail-archive/web/cfrg/current/msg07876.html

No. Disagree with that email in general, and especially its last
paragraph. Will object against adding it.

v2.23.0 | Report a Bug | By Email