Re: [Cfrg] [irsg] IRSG review request: draft-irtf-cfrg-randomness-improvements-11

Colin Perkins <csp@csperkins.org> Mon, 04 May 2020 22:24 UTC

Return-Path: <csp@csperkins.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B585F3A1174; Mon, 4 May 2020 15:24:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=csperkins.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CL8f6O9UZ1rG; Mon, 4 May 2020 15:23:59 -0700 (PDT)
Received: from balrog.mythic-beasts.com (balrog.mythic-beasts.com [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 086EE3A1171; Mon, 4 May 2020 15:23:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=csperkins.org; s=mythic-beasts-k1; h=To:Date:Subject:From; bh=rhkVd74qkGIGLZVKY5MppOnufqrBMMR+HWb4Mdcf/2I=; b=KDaUHm4sZLNaQ8kYq2+oWY7aum kobUXzHStCvWLtMU0nz1qXV5PGR/sbqpgbdeeqlaovGYFrxI5P52heNq6wm4T4z6XpIi93QSPEzWV 8NCvPjL174ofVONJoDC2eVjsRYLTl83KF+NGFPR+Lh6UBQO2zFsG9AzSlhCPoOc5OCoHhPpBBxzky IvY69V8rKoBzJXZcEuZ749OnJPAzdfvPXc/eGhVZYcqkHvjJxZ2eDO5s1hzG6s0Ic5GVY5yXovUnj RonwXbR6s4aBe9SPa1Whdrk78jjcNEx8Y1qXBPvC6RXM8JdN4Pg7cW/9WUGiLH/Xkpv4kREvtHP98 CA1iyMfQ==;
Received: from [81.187.2.149] (port=32987 helo=[192.168.0.80]) by balrog.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <csp@csperkins.org>) id 1jVjVA-0003ed-V3; Mon, 04 May 2020 23:23:57 +0100
From: Colin Perkins <csp@csperkins.org>
Message-Id: <0BCD81DE-3F28-4C33-B704-5FC754C7B5C3@csperkins.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_29CBF894-9821-4CF8-9C54-A294FD13471A"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Mon, 4 May 2020 23:23:50 +0100
In-Reply-To: <CAPjWiCSWd+TJ5zS327nBaiaZXxkv7PWQ4yScjAXFL1ZZ8Lfy2g@mail.gmail.com>
Cc: Marie-Jose Montpetit <marie@mjmontpetit.com>, Mallory Knodel <mknodel@cdt.org>, cfrg@ietf.org, Internet Research Steering Group <irsg@irtf.org>
To: draft-irtf-cfrg-randomness-improvements@ietf.org
References: <4B969EA9-C230-4CC6-A20B-B5F7552716AA@csperkins.org> <CAGVFjMKOSEVZu_R0ZpaCZvpW6wJwfPz=5yVmFvkSXbGr6bF-kQ@mail.gmail.com> <51036D5B-DCAF-4496-B8FD-7E36231AE704@csperkins.org> <CAPjWiCSWd+TJ5zS327nBaiaZXxkv7PWQ4yScjAXFL1ZZ8Lfy2g@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.14)
X-BlackCat-Spam-Score: 4
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/jOsoPI7TxNGsH6k9AF4BfV946tw>
Subject: Re: [Cfrg] [irsg] IRSG review request: draft-irtf-cfrg-randomness-improvements-11
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 May 2020 22:24:02 -0000

Thank you!

Authors: would it be possible to spin a quick revision of the draft to address the nits in these reviews?

Colin



> On 4 May 2020, at 23:15, Marie-Jose Montpetit <marie@mjmontpetit.com> wrote:
> 
> Hello lists:
> 
> My review of draft-irtf-cfrg-randomness-improvements-11
> 
> Overall:
> The draft is well written and the solution very understandable. The comparison to the existing RFC is 6979 is a very good idea. While the application to TLS was most likely the reason the draft was written I am aware of issues with PRGs elsewhere notably the FRECFRAME RLC that was delayed due to PRG issues. This does not require to be addressed in the draft but shows that PRG bugs that impact randomness do need to be taken into account.
> 
> In the NITs category I found the following missing acronyms definitions:
> DBRG
> EC
> HKDF
> HMAC
> HSM
> TLS
> 
> mjm
> 
> 
> Marie-José Montpetit, Ph.D.
> marie@mjmontpetit.com <mailto:marie@mjmontpetit.com>
> 
> 
> 
> On May 4, 2020 at 6:10:47 PM, Colin Perkins (csp@csperkins.org <mailto:csp@csperkins.org>) wrote:
> 
>> Thanks, Mallory!
>> Colin
>> 
>> 
>> 
>>> On 28 Apr 2020, at 19:21, Mallory Knodel <mknodel@cdt.org <mailto:mknodel@cdt.org>> wrote:
>>> 
>>> HI all,
>>> 
>>> I did an IRSG review for this document. I think that the editorial quality is high; this is not a deep technical review. As I read and noted questions, they were all answered later within the text and with clarity.
>>> 
>>> For the last two citations there exist URLs even if the documents being cited aren't openly published. I recommend linking to these pages anyway for verification purposes.
>>> 
>>> Thanks,
>>> -Mallory
>>> 
>>> On Mon, Apr 20, 2020 at 6:44 PM Colin Perkins <csp@csperkins.org <mailto:csp@csperkins.org>> wrote:
>>> IRSG members,
>>> 
>>> The Crypto Forum Research Group has requested that draft-irtf-cfrg-randomness-improvements-11 <https://datatracker.ietf.org/doc/draft-irtf-cfrg-randomness-improvements/> be considered for publication as an IRTF RFC. To progress this draft, we now need at least one IRSG member to volunteer to provide a detailed review of the draft, as follows:
>>> 
>>>> The purpose of the IRSG review is to ensure consistent editorial and technical quality for IRTF publications. IRSG review is not a deep technical review. (This should take place within the RG.) At least one IRSG member other than the chair of the RG bringing the work forth must review the document and the RG’s editorial process.
>>>> 
>>>> IRSG reviewers should look for clear, cogent, and consistent writing. An important aspect of the review is to gain a critical reading from reviewers who are not subject matter experts and, in the process, assure the document will be accessible to those beyond the authoring research group. Also, reviewers should assess whether sufficient editorial and technical review has been conducted and the requirements of this process document, such as those described in IRTF-RFCs have been met. Finally, reviewers should check that appropriate citations to related research literature have been made.
>>>> 
>>>> Reviews should be written to be public. Review comments should be sent to the IRSG and RG mailing lists and entered into the tracker. All IRSG review comments must be addressed. However, the RG need not accept every comment. It is the responsibility of the shepherd to understand the comments and ensure that the RG considers them including adequate dialog between the reviewer and the author and/or RG. Reviews and their resolution should be entered into the tracker by the document shepherd.
>>>> 
>>>> The IRSG review often results in the document being revised. Once the reviewer(s), authors, and shepherd have converged on review comments, the shepherd starts the IRSG Poll on whether the document should be published.
>>> 
>>> Please respond to this message if you’re able to perform such a review, and indicate the approximate time-frame by which you’ll be able to complete it. The document shepherd write-up is available at https://datatracker.ietf.org/doc/draft-irtf-cfrg-randomness-improvements/shepherdwriteup/ <https://datatracker.ietf.org/doc/draft-irtf-cfrg-randomness-improvements/shepherdwriteup/>
>>> 
>>> Thanks!
>>> Colin (as IRTF chair)
>>> 
>>> 
>>> -- 
>>> Colin Perkins
>>> https://csperkins.org/ <https://csperkins.org/>
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> Mallory Knodel
>>> CTO, Center for Democracy and Technology
>>> gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780