IETF Logo Mail Archive

Re: [CFRG] [Technical Errata Reported] RFC9180 (7790)

Eric Rescorla <ekr@rtfm.com> Mon, 08 April 2024 23:22 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE5C1C15198B for <cfrg@ietfa.amsl.com>; Mon, 8 Apr 2024 16:22:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BXjcjepQfADl for <cfrg@ietfa.amsl.com>; Mon, 8 Apr 2024 16:22:01 -0700 (PDT)
Received: from mail-yw1-x1133.google.com (mail-yw1-x1133.google.com [IPv6:2607:f8b0:4864:20::1133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D79DBC14F61D for <cfrg@irtf.org>; Mon, 8 Apr 2024 16:22:01 -0700 (PDT)
Received: by mail-yw1-x1133.google.com with SMTP id 00721157ae682-617e42a3f94so29458497b3.2 for <cfrg@irtf.org>; Mon, 08 Apr 2024 16:22:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1712618521; x=1713223321; darn=irtf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=l5OwuhssPYQxS7Pw8kknnGdV5/hMPrjVDKAXWJyn894=; b=MSfr7fIOmDIK4se9LbkuM6z2cTSkRfdAo8OhGsllgTCQxyjk9ubM2g2sY+9V1W+SOS /sDeUt5cl8UOerLFHUNor9MZYpjgUz0s8UD2mcmfMiM4WAcKlgHm/gyZqBLhsKZZohEG ysbnWAq9pgwGFu22WCxkwSIw3hvF87pQ1MOMdRidm5kK2ca65criK2dTmY3uKIm3I1Xw h6zwC9S/vbcatxV/WQ4LqmHGtgtleX/4aMcd2hTEBXFxXPsbiqmBgX5aaXABSPMfzfaw 5D+YtONzWJWVEiEYCuZCghgZiS/J5LzGLAe0cK8xBpCUR1JT+dcWyFcLwRVOL1nYNM3C 96tQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712618521; x=1713223321; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=l5OwuhssPYQxS7Pw8kknnGdV5/hMPrjVDKAXWJyn894=; b=wSDzOJgKykbBmJI7OdYqxO/lqMNGyv4+6ShGNGUgHyjYPD64LNRIJ7NmjuO2+raXxy S+L/CzpdSn3B37zuTB+R2MvtvQfJWYTvJ3mWxkG4RAt513jOSzFL2AgeiFw8tBui1I3v fJJ91BlPFhQawu5udFrlAnTzgisN4LPlCtCeIwo5P3THYEKyEFKbxFfO05Dpctr4PYAj Rdpe4zQh/al8ckxwJHY4IZIzRDAbPHeTFzroPmdlDyhAtoFXJ3dVmMpykx8O56kTVFwX MbKSO2/HwIrTlG12YzifSHo9Vtik/KXUoAMr0C7wct7lepm8MqLjMLx6WZkyJWE8+0T5 tT5Q==
X-Forwarded-Encrypted: i=1; AJvYcCUD62VwDnBRG+fcbZQ1HBOKaLupWtDRb48nQ8BGk+IWisgCromojQYOKUo6onWA+1L8L6uzKVE3W+o0ZEaR
X-Gm-Message-State: AOJu0YwsieNchHkgB5jsa+pCYs4nkMYNyGo2d4xJzWQlZ/t6Qr6EoRHo g0rTjZ3Pc053x5I7VFxN+etkryiraKjf/+SP7qCLY2CgXRifKEb0Ml+WQBoOOuhEnyPoorU7ORK SEyGVXJKVY+bXhF5bg2ZnHlMWacMc3FaWYue6Uw==
X-Google-Smtp-Source: AGHT+IGhvxLnlo3468mYTK60BMTVqUGXuMP4gN3rsWpnntl8ziS5rzco0IU7kxc3ZQWFnjkSKONeZNrydVTqW3Q+2Ew=
X-Received: by 2002:a0d:ef84:0:b0:60a:1c9c:e00a with SMTP id y126-20020a0def84000000b0060a1c9ce00amr9020941ywe.45.1712618520642; Mon, 08 Apr 2024 16:22:00 -0700 (PDT)
MIME-Version: 1.0
References: <73d28971-0470-4339-9ae8-f2d07f2303ae@dennis-jackson.uk> <6B2EF6E4-91E0-4F26-9623-A722BAAEDF3B@gmail.com> <789eeffd-c021-480c-81b0-6b424aac4b11@app.fastmail.com> <1C2E29BB-63A5-4190-A3DB-6274FFC76427@gmail.com> <f19fed7a-8feb-4fa1-a390-b256d7994da0@dennis-jackson.uk> <BB82C718-B193-4365-8D55-34203E21C60D@gmail.com>
In-Reply-To: <BB82C718-B193-4365-8D55-34203E21C60D@gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 08 Apr 2024 16:21:24 -0700
Message-ID: <CABcZeBMSOzoMYi9yFXvSjBimXRmwsP8nF1N=rvEBJ-+wm=aRrg@mail.gmail.com>
To: Neil Madden <neil.e.madden@gmail.com>
Cc: Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org>, CFRG <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="0000000000008f4d7106159e1202"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/gJLTiEgSN10A8VJIoFIJoYFcnBw>
Subject: Re: [CFRG] [Technical Errata Reported] RFC9180 (7790)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2024 23:22:05 -0000

On Mon, Apr 8, 2024 at 2:40 PM Neil Madden <neil.e.madden@gmail.com> wrote:

> On 8 Apr 2024, at 20:21, Dennis Jackson <
> ietf=40dennis-jackson.uk@dmarc.ietf.org> wrote:
>
> I agree the RFC could be better phrased, but do not think anyone could
> read the RFC and conclude that HPKE was proven to achieve Insider Security
> - let alone establish the type of Insider Security being discussed.
> Further, the paper lays out a clear attack on KCI in accessible language
> which is the material consequence of the lack of insider security anyway.
>
> Firstly, KCI is not the only consequence of the lack of Insider-Auth, as
> discussed. Secondly, what are you trying to argue here? That the erratum is
> incorrect? That incorrect statements should remain in the RFC because...
> well, what exactly? Because a different paragraph in a different section
> almost says the right thing?
>

Without taking a position on the validity of this erratum, I would observe
that whatever the disposition of this erratum, the statement in question
will remain in the RFC. All that will happen as a result of this discussion
is that the erratum will be marked "Vertified" versus "Hold For Document
Update".

-Ekr


> -- Neil
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://mailman.irtf.org/mailman/listinfo/cfrg
>

v2.23.0 | Report a Bug | By Email