Re: [Cfrg] Citing specs in specs
Watson Ladd <watsonbladd@gmail.com> Sun, 02 March 2014 18:38 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D687C1A09BC for <cfrg@ietfa.amsl.com>; Sun, 2 Mar 2014 10:38:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OUN2uSdRbhGC for <cfrg@ietfa.amsl.com>; Sun, 2 Mar 2014 10:38:33 -0800 (PST)
Received: from mail-yh0-x234.google.com (mail-yh0-x234.google.com [IPv6:2607:f8b0:4002:c01::234]) by ietfa.amsl.com (Postfix) with ESMTP id D730D1A09D3 for <cfrg@irtf.org>; Sun, 2 Mar 2014 10:38:28 -0800 (PST)
Received: by mail-yh0-f52.google.com with SMTP id a41so2755412yho.25 for <cfrg@irtf.org>; Sun, 02 Mar 2014 10:38:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=O1Ut7ZDKElA0Zt0/06rOMX9ILDHNt40tPvVOBR+BZcc=; b=C3J+xOJG2ahaYgzxIehfSZ9c1/7c9eJmWaAbe2tH2+1/vZ2zFP5EREKbxtRfSuu2lC ViAqnIW5FbaYAil8nR1MPtY59p/1daRBn4TNNuN9KoQtkSYc9Ge6sQZ95+wtRd5XhQfI abYuZsxQP4xRa0LMXlO3xWHGTGhORslP3omPQnQDt4IMcWJGfhgFfC8SNbl9k9DuNy/n 5WCQ6AVfQhbR33MFB8E7eqHKl8XeVZuWKsSU5yaASjwhn/Rw8ZPeuGzLpgliU3Kp/vV1 SfNAmv3GGzk4wGqLG8yKmfjI/WNUOlq0+lLIe/lOuTWvN/vk0E1HHPbGYgTWRKtTAW4C yG7g==
MIME-Version: 1.0
X-Received: by 10.236.121.194 with SMTP id r42mr2531481yhh.82.1393785505993; Sun, 02 Mar 2014 10:38:25 -0800 (PST)
Received: by 10.170.92.85 with HTTP; Sun, 2 Mar 2014 10:38:25 -0800 (PST)
In-Reply-To: <CF37EA5F.338D8%paul@marvell.com>
References: <530FDC7A.4060404@cisco.com> <CABqy+srTqCXjOR4DMNgWyxf2pZ7dwZfWyznhBuJaY5w8VeuR4Q@mail.gmail.com> <5310B12E.4070603@cisco.com> <CABqy+srrbtdHOckjPqTj5SFuQwQEqXBjgc8kwagMi8E6ZRf=qg@mail.gmail.com> <28A7736F-A791-4552-8D42-DB99AC7B7F9B@vpnc.org> <CF37EA5F.338D8%paul@marvell.com>
Date: Sun, 02 Mar 2014 10:38:25 -0800
Message-ID: <CACsn0cmewBrOzaRF5XXC1p1A_gUSwkdE1_7V-1x8nta-ESyA+A@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Paul Lambert <paul@marvell.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/iFV201ZK2_fwGIEegW090S2ThfY
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [Cfrg] Citing specs in specs
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Mar 2014 18:38:40 -0000
(Moving to TLS because that is where this draft is) On Sat, Mar 1, 2014 at 8:02 PM, Paul Lambert <paul@marvell.com> wrote: > > The curve25519 is NOT a good normative reference IETF protocols. > It¹s useful as an informative reference on the curve > Selection, but lacks clarity and completeness on > implementation details. Since when does a normative reference contain implementation details? IEEE 745 doesn't, RnRS doesn't, the ANSI C standard doesn't, POSIX doesn't, etc. This doesn't affect being able to judge compliance which is the normative function of a spec. If you want RFCs, try writing a NTP protocol implementation (that is, a client that keeps track of the current time accurately) without understanding PLL control theory. This isn't in the spec at all, but is completely necessary to get a functioning implementation. Furthermore, the Curve25519 paper describes a very clever implementation in great detail. > > One of the main reasons 25519 is popular is that a nicely optimized > open source library is available for some of the more > Useful curve functions. > > > On 3/1/14, 9:21 AM, "Paul Hoffman" <paul.hoffman@vpnc.org> wrote: > >>[[ Subject line changed to be relevant to the discussion ]] >> >>On Mar 1, 2014, at 4:16 AM, Robert Ransom <rransom.8774@gmail.com> wrote: >> >>> On 2/28/14, David McGrew <mcgrew@cisco.com> wrote: >>>> I am wary of relying on the curve25519 paper as a normative reference. >>>> Perhaps your goal here is to provide an informational document (the >>>> draft that you mention above) that offers implementation guidance, >>>> instead of a normative reference? >>> >>> RFC 4492 (ECC ciphersuites for TLS) cites ANSI X9.62, IEEE 1363, and a >>> few documents labeled as Œstandards¹ by the corporations which >>> authored them as normative references. It cannot be implemented >>> without the information in ANSI X9.62 and IEEE 1363. ANSI X9.62 is >>> available from ANSI for 100 USD; IEEE 1363 is available from ANSI for >>> 168 USD. >> >>I have been told by implementers that you can implement RFC 4492 just >>fine without those references, only with [SECG]. What information in the >>ANSI and IEEE spec do you feel is needed to implement 4492? > > We should be working here to document Edwards/Montgomery curves to > the same level of clarity as the SECG documents. Perhaps we > could be even more concise and complete - SECG left out > details of most optimizations. > > My favorite examples of clarity are: > http://www.nsa.gov/ia/_files/nist-routines.pdf > > http://www.nsa.gov/ia/_files/SuiteB_Implementer_G-113808.pdf > > Right now there is no equivalent documentation as the nist-routines.pdf > for Edwards/Montgomery curves. So your argument is that until such a document is written, the IETF should not approve any RFC containing such a curve because absent such a document, the specification is unclear? I disagree: the information you demand to be placed into the spec can be figured out in a few days of research in the library. There are numerous standard references on bignum arithmetic, and given this with the paper of Montgomery, there is nothing else that is needed to write an implementation that is correct. Sincerely, Watson Ladd > > Paul > >> >>> It is true that the author of the Curve25519 paper is neither a large >>> corporation nor an organization with ³Standards² in its name, and did >>> not label Curve25519 as a Œstandard¹ in the paper's title. However, >>> the Curve25519 scalar multiplication function specified in the paper >>> became a Œstandard¹, in the sense which IETF claims to use the word, >>> when software developers came to the rough consensus that it was a >>> good cryptographic primitive to use, and wrote and deployed running >>> code which implements it. >> >>That is not the sense which the IETF claims to use the word. >> >>> The Curve25519 paper is available for free >>> from the URL <http://cr.yp.to/ecdh/curve25519-20060209.pdf>. >>> >>> What is your objection to using the Curve25519 paper as a normative >>> reference for the standard Curve25519 scalar multiplication function? >> >>The paper is at a URL; the contents of that URL can change any time. RFCs >>can sometimes make normative reference to URLs that seem very stable, and >>Dan's might or might not be. Dan has a history of poking at the IETF >>(sometimes for good reason), so it is quite believable that he might >>change the contents of that URL just to make a point. Having a more >>stable reference would clearly be better. >> >>--Paul Hoffman >>_______________________________________________ >>Cfrg mailing list >>Cfrg@irtf.org >>http://www.irtf.org/mailman/listinfo/cfrg > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- [Cfrg] tentative agenda for CFRG at IETF 89 David McGrew
- Re: [Cfrg] tentative agenda for CFRG at IETF 89 Robert Ransom
- Re: [Cfrg] tentative agenda for CFRG at IETF 89 David McGrew
- Re: [Cfrg] tentative agenda for CFRG at IETF 89 Robert Ransom
- [Cfrg] Citing specs in specs Paul Hoffman
- Re: [Cfrg] Citing specs in specs Watson Ladd
- Re: [Cfrg] Citing specs in specs Paul Hoffman
- Re: [Cfrg] tentative agenda for CFRG at IETF 89 David McGrew
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs Watson Ladd
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs S Moonesamy
- Re: [Cfrg] Citing specs in specs Watson Ladd
- Re: [Cfrg] Citing specs in specs Jon Callas
- Re: [Cfrg] [TLS] Citing specs in specs David McGrew
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs Watson Ladd
- Re: [Cfrg] Citing specs in specs Paul Lambert
- Re: [Cfrg] Citing specs in specs Watson Ladd
- Re: [Cfrg] [TLS] Citing specs in specs David McGrew
- Re: [Cfrg] [TLS] Citing specs in specs Paul Lambert
- Re: [Cfrg] [TLS] Citing specs in specs Watson Ladd