Re: [Cfrg] NSA sabotaging crypto standards
Watson Ladd <watsonbladd@gmail.com> Thu, 06 February 2014 19:10 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8197F1A03DC for <cfrg@ietfa.amsl.com>; Thu, 6 Feb 2014 11:10:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O5t3sM49vo3b for <cfrg@ietfa.amsl.com>; Thu, 6 Feb 2014 11:10:26 -0800 (PST)
Received: from mail-we0-x233.google.com (mail-we0-x233.google.com [IPv6:2a00:1450:400c:c03::233]) by ietfa.amsl.com (Postfix) with ESMTP id 589981A01E3 for <cfrg@irtf.org>; Thu, 6 Feb 2014 11:10:26 -0800 (PST)
Received: by mail-we0-f179.google.com with SMTP id q58so1638593wes.10 for <cfrg@irtf.org>; Thu, 06 Feb 2014 11:10:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=6Ex8Q2Ftw/nsLZYMf8BWPuGcyIf34kbTUYS9jypj1qU=; b=n6fB8T9xzDsvh78ixDeQo7Kc+EZfdKKFiDQ2Ozrs1MdWROo04LRbUoBEyH8S9zJePd kQZ9/vhZ5VXjHxx4JY6IuJ99+jDu0XfvVcm1MQbb746uOQZwTGSGE+vq2B39Q9YA8f7M 8GCU0oMpPa3bHp48BSdj/4/X02ZPdmtLwsSzDqXvONBKWwwNe0jz1DELSHYtALaoXUYQ zC7WcdrKD9Imz3seDOq4eVNnbiHzimab1j7AF9+Fl+PyTH1JeshdnJnZCBTa9rZXmysi 4x1bVNxIpNwff+Vu8YuZrESTTHJDOlG0yCQw0uxtQeYtir6BYNN8mnEuQLQGmBGphKkv QAlA==
MIME-Version: 1.0
X-Received: by 10.194.2.70 with SMTP id 6mr7210342wjs.25.1391713824733; Thu, 06 Feb 2014 11:10:24 -0800 (PST)
Received: by 10.194.250.101 with HTTP; Thu, 6 Feb 2014 11:10:24 -0800 (PST)
In-Reply-To: <6F8C22FA-B968-4B3C-8A8D-C24F1DFC5021@vpnc.org>
References: <20140203192451.6268.76511.idtracker@ietfa.amsl.com> <7af2f9df96e5867d493c614806235363.squirrel@www.trepanning.net> <CACsn0cm1f-P95je5AbEbZ02Ut3+HM7Hx28P6j46TqE-=06eZDg@mail.gmail.com> <52F00EF3.3040505@cisco.com> <CACsn0c=zS5GKex3eF_hKgTsL1kH=TiBi3iAP9oMrJ9hDQcT4Gw@mail.gmail.com> <7BAC95F5A7E67643AAFB2C31BEE662D018B81B7DE5@SC-VEXCH2.marvell.com> <CACsn0cn0TaHsDkyN2ewOorxxBzXivCg=QGR-ZnBiC3nJhvhpRg@mail.gmail.com> <14AB44E0-4C90-4E4C-A656-885A31CF4C02@checkpoint.com> <CACsn0cmDT-FAN8uMZ0w8TX6GKPAZjnrexLeFQd7QhRfoY6AGFQ@mail.gmail.com> <75e1e853dc391b418062ee5e51adeb2f.squirrel@www.trepanning.net> <CABqy+sr7ZKrACj4Ga2_75d9Kea0aKbrp2P5fWWu4YZP53zijxw@mail.gmail.com> <CACsn0cmS152wYQWHiX8ykzaMM=6b=r=fwVuLfPj_u0wmoq0jKw@mail.gmail.com> <7BAC95F5A7E67643AAFB2C31BEE662D018B81B7F7C@SC-VEXCH2.marvell.com> <CACsn0c=a5PvZOZgVRjHaJ2avGCPHF6b6nOpNh+iT0909X-jUFA@mail.gmail.com> <52F23D52.4090509@cisco.com> <EFA9E215-3B01-43C6-A8F0-3F98E3ED2E26@netapp.com> <3E30D764-7E19-45DB-9D6D-63949F5B36CB@netapp.com> <255B9BB34FB7D647A506DC292726F6E1153AE65F2E@WSMSG3153V.srv.dir.telstra.com> <570B8BE5-1362-4D08-A22D-FE86FC4A77DC@netapp.com> <CACsn0ckm95r4x7VBrW81+f7Resf7RcS6iOBPx3yqu9m1VuELhw@mail.gmail.com> <6F8C22FA-B968-4B3C-8A8D-C24F1DFC5021@vpnc.org>
Date: Thu, 06 Feb 2014 11:10:24 -0800
Message-ID: <CACsn0cmFpQEBbv=3EWvUff3EnNuuiqyzjJqFR6Dy97VjLREVVg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="UTF-8"
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] NSA sabotaging crypto standards
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2014 19:10:28 -0000
On Thu, Feb 6, 2014 at 10:48 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote: > On Feb 6, 2014, at 9:00 AM, Watson Ladd <watsonbladd@gmail.com> wrote: > >> IETF working groups will follow suit if they see that some new >> protocol is documented by the CFRG. > > Can you give examples of that? Having been active in many IETF WGs for 15+ years, I can't think of one, but I could have forgotten some. Dragonfly in TLS was the first time this happened. Had Rene Struik not noticed that CFRG hadn't done anything, life would be interesting. My understanding was that CFRG existed so that IETF WGs without cryptographers could borrow some temporarily from us. That's what the HTTP auth people are doing, and what TLS did with Dragonfly. > >> That's the role >> the CFRG exists to play: supporting IETF WGs when they have to >> evaluate crypto. > > Evaluating crypto is quite different than creating "some new protocol". The CFRG most often evaluates existing crypto protocols and modes, it doesn't create them. I think we're saying the same thing: IETF WG wants a protocol that does blah. They look around and see the proposals blah1, blah2 etc. exist. Then one of them gets picked. Whether this is defining a new protocol or evaluating the existing blah1, blah2, etc. is I think more semantic than anything else. A useful evaluation results in changes to address found deficiencies, or a statement that there are none and will be none. The easiest time to replace a broken mechanism is when it is being designed, before it is deployed. If we are playing catchup to deployment, the only thing we can say is "we're doomed" when we find a problem. There is also the everpresent turning the paper into a spec. This is fairly routine for most protocols, but the details matter, and can completely change what actually is going on. SSL v3 looked like it was using CBC mode, but because they decided to use chained IV's, actually were doing something completely different. > >> Furthermore, if we aren't actually >> producing documents meant to say "This is X, and X is good" for some >> definition of good, what are we doing here? > > Lots of things: > > - This is X, and while X is good, doing Y in X would be very bad > > - This is X, and we have some shaky feelings about X, but we're totally fine with Z, which can be used in most of the same places > > - Current IETF protocols use X, but X is now out of favor for these reasons; please strongly consider using Z > > In the latter two cases, Z is not "some new protocol", they are existing ones that have been studied. Are any of the CFRG WG drafts/IRTF publications actually of this form? I really don't know: from my review of the mailing list the CFRG did very little up until last year or so. I agree these are also documents that require production, especially when some ancient protocol hasn't been studied because it isn't as attractive a target as TLS. We need some sort of idea how to do this kind of review systematically. I've tried by reviewing all cfrg drafts, but there are some emails I'm behind on, and there is no way I can do all 7 thousand RFCs in a reasonable amount of time. Sincerely, Watson Ladd
- [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-03.t… internet-drafts
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… David McGrew
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… David McGrew
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Paul Lambert
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Yoav Nir
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Mike Hamburg
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Robert Ransom
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] 2^40. I can't exhibit it, but it exist… Paul Lambert
- Re: [Cfrg] 2^40. I can't exhibit it, but it exist… Michael Hamburg
- Re: [Cfrg] 2^40. I can't exhibit it, but it exist… Watson Ladd
- [Cfrg] publishing dragonfly (was: Re: 2^40. I can… David McGrew
- Re: [Cfrg] publishing dragonfly (was: Re: 2^40. I… Eggert, Lars
- Re: [Cfrg] publishing dragonfly (was: Re: 2^40. I… Manger, James
- Re: [Cfrg] publishing dragonfly (was: Re: 2^40. I… Eggert, Lars
- [Cfrg] NSA sabotaging crypto standards Manger, James
- Re: [Cfrg] NSA sabotaging crypto standards Alexandre Anzala-Yamajako
- Re: [Cfrg] how can CFRG improve cryptography in t… Rob Stradling
- Re: [Cfrg] NSA sabotaging crypto standards Eggert, Lars
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] NSA sabotaging crypto standards Paul Hoffman
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] NSA sabotaging crypto standards Paul Hoffman
- Re: [Cfrg] NSA sabotaging crypto standards David McGrew
- Re: [Cfrg] NSA sabotaging crypto standards Dan Harkins
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew
- Re: [Cfrg] NSA sabotaging crypto standards Nikos Mavrogiannopoulos
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] NSA sabotaging crypto standards Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- [Cfrg] how can CFRG improve cryptography in the I… David McGrew
- Re: [Cfrg] how can CFRG improve cryptography in t… Daniel Kahn Gillmor
- Re: [Cfrg] NSA sabotaging crypto standards Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… Rene Struik
- Re: [Cfrg] how can CFRG improve cryptography in t… Stephen Farrell
- Re: [Cfrg] how can CFRG improve cryptography in t… dan
- Re: [Cfrg] how can CFRG improve cryptography in t… Watson Ladd
- Re: [Cfrg] how can CFRG improve cryptography in t… Daniel Kahn Gillmor
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew
- Re: [Cfrg] how can CFRG improve cryptography in t… Stephen Farrell
- Re: [Cfrg] how can CFRG improve cryptography in t… Tom Ritter
- Re: [Cfrg] how can CFRG improve cryptography in t… Igoe, Kevin M.
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew
- Re: [Cfrg] how can CFRG improve cryptography in t… Paul Lambert
- Re: [Cfrg] how can CFRG improve cryptography in t… Watson Ladd
- Re: [Cfrg] how can CFRG improve cryptography in t… Rene Struik
- Re: [Cfrg] how can CFRG improve cryptography in t… Geoffrey Waters
- Re: [Cfrg] how can CFRG improve cryptography in t… S Moonesamy
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew