Re: [Cfrg] Adoption call for draft-sullivan-cfrg-voprf
Richard Barnes <rlb@ipv.sx> Fri, 17 May 2019 09:01 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01E6E120354 for <cfrg@ietfa.amsl.com>; Fri, 17 May 2019 02:01:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BQQ11FRaB8vf for <cfrg@ietfa.amsl.com>; Fri, 17 May 2019 02:01:47 -0700 (PDT)
Received: from mail-oi1-x231.google.com (mail-oi1-x231.google.com [IPv6:2607:f8b0:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E5CA12007C for <cfrg@irtf.org>; Fri, 17 May 2019 02:01:47 -0700 (PDT)
Received: by mail-oi1-x231.google.com with SMTP id y124so313209oiy.3 for <cfrg@irtf.org>; Fri, 17 May 2019 02:01:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xg2nvqyKMNNJef/NTYrflfSqnxqjIgv+PiVhZzjEcww=; b=JKq5LEpc871bxlzj/D+QEiQxMVEdKsx9ROTrJz9BBnCZ4cUa8IHH+TAxePZDVTavdS RVZEEbdV/rAVWKcMfEbu1tueEVs/spW6SUwbPAGmjWrDriuyyA69D6yxUYD1dn5dJ+Mr Npaldykiluqb/wtrkBICtcL4IALfwyYsvRgQ6tqVA2ckpfdCc42uTgY5lEC7DY/uB+9u bLemqb2ePrhbSV3571q1yOlrynjXzPh7+7LN6+rHchKPEt4jDgcNF0PSc/oFB8PjhymR pOSlU7gOXHJGba4lD+tdPjJ9v1NgkdXAbRKqMdoOmjXSso2enPlFg9Mev5rKgN1wVGh4 +j4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xg2nvqyKMNNJef/NTYrflfSqnxqjIgv+PiVhZzjEcww=; b=GYQI7QmX5hqIQkF19456qm3pTYBGk2Ms4f7nFmy/YQGI3uQmeC+MyQfbMQ/AADmbkR su3e7kiX303ZpKnAVXPUaIV64lYU/+NAuufoUyIDPfx67PD1F48F9t2YzE3epPCHnI8c iOEDWf8vZInKDJvzpRhQou0B4hcVblg8FR+UkqopHUDBZ46F4zRhW1r4zmPMwMpXTFth hisVLgWyUuyomt2+j8Ablr+zjNQcEDVJFO9uSqul4IrcWDQlQt1XNKdL8te9llsoYvR7 Bt0Pfe2z05mCBW7jGz6PTkQdPsyBfyTPwR02UXsuuwHOe1DRO1XH+ZW7ig6DyE4MgTOC vsFw==
X-Gm-Message-State: APjAAAWRs3SNSDmXFZIsJ3hrgQttkcb28jg2eS6yXyx+LQVvw0duNMtV XihYt/th03iJ9JwH21//8Y3KwxbT3LX6fAe9KPjHsA==
X-Google-Smtp-Source: APXvYqz+e65Fru0NXK1PA+LCsa93p0+6Nm31jmsTiJZpBjGw6WNWeFST5eBNMna2B6sq6KNbJsPDq9XXpjBjcHvmy3g=
X-Received: by 2002:aca:d6d0:: with SMTP id n199mr12569824oig.51.1558083706515; Fri, 17 May 2019 02:01:46 -0700 (PDT)
MIME-Version: 1.0
References: <54235333-9FEA-4543-93B6-2D4B1C8FCC2D@inf.ethz.ch> <0a67411b-9a2d-9e08-ca06-08ea938c0c89@gmail.com> <B62E70D5-9BAE-4332-8CE4-4AB0E3B229C8@inf.ethz.ch>
In-Reply-To: <B62E70D5-9BAE-4332-8CE4-4AB0E3B229C8@inf.ethz.ch>
From: Richard Barnes <rlb@ipv.sx>
Date: Fri, 17 May 2019 11:01:34 +0200
Message-ID: <CAL02cgSm5ZcMX00kOoGK5wP6dEctJLTJd=K18_-imCdSYsiqzg@mail.gmail.com>
To: Paterson Kenneth <kenny.paterson@inf.ethz.ch>
Cc: CFRG <cfrg@irtf.org>, Rene Struik <rstruik.ext@gmail.com>, "draft-sullivan-cfrg-voprf.authors@ietf.org" <draft-sullivan-cfrg-voprf.authors@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000db8545058911a1b1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/nazmyTR_zkRaiAJph7T7VZlg3AA>
Subject: Re: [Cfrg] Adoption call for draft-sullivan-cfrg-voprf
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 May 2019 09:01:50 -0000
I agree with Kenny’s analysis here. This seems like a problem area that has overlap a few applications within the usual CFRG customer space (IETF, but also internet infrastructure things more broadly). I have reviewed the document, and it seems like a reasonable starting point. I support its adoption. —Richard On Wed, May 8, 2019 at 09:36 Paterson Kenneth <kenny.paterson@inf.ethz.ch> wrote: > Hi Rene, > > > > You’re right that there’s not been much discussion on the list about this > draft. It was presented at IETF 101 and there was some discussion in person > at the meeting; below is a relevant extract from the minutes of the meeting > ( > https://datatracker.ietf.org/meeting/101/materials/minutes-101-cfrg-00.pdf > ): > > > > > > Verifiable Oblivious Pseudorandom Functions (VOPRFs) > > ==================================================== > > presenter: Nick Sullivan > > slides: > https://datatracker.ietf.org/meeting/101/materials/slides-101-cfrg-4-voprfs-00 > > draft: https://datatracker.ietf.org/doc/draft-sullivan-cfrg-voprf/ > > > > Sullivan introduced a draft that constructs VOPRF based on Elliptic Curves. > > > > Q: (): What is the contents of the draft -- I didn't read it. You > discussed several crypto primitives. > > A: (Sullivan): A generic description of VOPRFs and a specific > instantiation. > > > > Q: (Melnikov): What are you interest in having happen to this draft? > > A: (Sullivan): CFRG adoption. > > A: (Paterson): How do you you see this and the above draft progressing > given the dependency? > > A: (Sullivan): They can proceed in parallel. > > > > Q: (Gillmor): One of the concerns is how the key remains constant? > > A: (Sullivan): You're noting the tagging attack. The signer’s public key > needs public verifiability -- maybe a transparency log or consensus > protocol. Those are outside of the scope of the draft. > > A: (Gillmor): I was hoping to hear that they should be separate. > > A: (Sullivan): We'll add language to the draft. > > A: (Melnikov): Let's take further discussion to the mailing list. > > > > > > Perhaps the draft’s authors can clarify here on the extent to which there > is a dependency on other drafts, especially the ristretto draft (which is > not a CFRG document, currently). > > > > I think this draft does fit with the CFRG charter, in that VOPRFs are an > emerging cryptographic mechanism that at least some people here see as > being useful in contexts traditionally associated with IETF. Again, the > authors of the draft can explain their intended applications better than > me, but I think a good starting point if you are interested in knowing more > would be: > > > > https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdf > > > > > > My personal take on the “CFRG philosophy” is that we should respond to the > interests and needs of the CFRG community, interpreted broadly. So if > people express a willingness to work on something, there is general support > for adoption, and the technical content is cryptographic and useful in > contexts traditionally associated with IETF, then we should do it. Of > course, the previous sentence is deliberately imprecise, and a case-by-case > judgement call on the part of the chairs is needed. The mechanism of having > a call for adoption provides key input to that decision-making process. > > > > I hope this helps – happy to discuss further of course, but perhaps the > more general discussion should be on a different thread to this adoption > call. > > > > Best wishes, > > > > Kenny > > > > > > *From: *Rene Struik <rstruik.ext@gmail.com> > *Date: *Tuesday, 7 May 2019 at 23:01 > *To: *Paterson Kenneth <kenny.paterson@inf.ethz.ch>, CFRG <cfrg@irtf.org> > *Cc: *"draft-sullivan-cfrg-voprf.authors@ietf.org" < > draft-sullivan-cfrg-voprf.authors@ietf.org> > *Subject: *Re: [Cfrg] Adoption call for draft-sullivan-cfrg-voprf > > > > Hi Kenny: > > > > I had some trouble finding recent discussions on this document. The > document seems to have dependencies on other drafts (e.g., Ristretto) for > which it is very hard to find any discussion either (and are not that easy > to read ). If you could point to this, that would be great. > > > > Could you explain how this fits within CFRG's charter? What is the general > philosophy nowadays ("more is better" vs. "less is more", protocols with > wide applicability vs. specialized, etc, etc.)? > > > > Best regards, Rene > > > > [excerpted from https://datatracker.ietf.org/rg/cfrg/about/] > > > > The Crypto Forum Research Group (CFRG) is a general forum for discussing > and reviewing uses of cryptographic mechanisms, both for network security > in general and for the IETF in particular. > > The CFRG serves as a bridge between theory and practice, bringing new > cryptographic techniques to the Internet community and promoting an > understanding of the use and applicability of these mechanisms via > Informational RFCs (in the tradition of, e.g., RFC 1321 (MD5) and RFC 2104 > (HMAC). Our goal is to provide a forum for discussing and analyzing general > cryptographic aspects of security protocols, and to offer guidance on the > use of emerging mechanisms and new uses of existing mechanisms. IETF > working groups developing protocols that include cryptographic elements are > welcome to bring questions concerning the protocols to the CFRG for advice. > > Meetings and Membership > > The CFRG meetings, membership, and mailing list are open to all who wish > to participate. > > > > On 5/7/2019 11:44 AM, Paterson Kenneth wrote: > > Dear CFRG, > > > > This email starts a 2-week adoption call for: > > > > https://datatracker.ietf.org/doc/draft-sullivan-cfrg-voprf/ > > Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups > > > > Please give your views on whether this document should be adopted as a CFRG draft, and if so, whether you'd be willing to help work on it/review it. > > > > (We have two other adoption calls running concurrently; they will end this Friday, May 10th.) > > > > Thanks, > > > > Kenny (for the chairs) > > > > > > _______________________________________________ > > Cfrg mailing list > > Cfrg@irtf.org > > https://www.irtf.org/mailman/listinfo/cfrg > > > > -- > > email: rstruik.ext@gmail.com | Skype: rstruik > > cell: +1 (647) 867-5658 | US: +1 (415) 690-7363 > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg >
- [Cfrg] Adoption call for draft-sullivan-cfrg-voprf Paterson Kenneth
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Rene Struik
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Paterson Kenneth
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Alex Davidson
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… David Wong
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Richard Barnes
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Marek Jankowski
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Hugo Krawczyk
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Hugo Krawczyk
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Eli-Shaoul Khedouri
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Steven Valdez
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Kobi Gurkan
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… David Wong
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Hugo Krawczyk
- Re: [Cfrg] Adoption call for draft-sullivan-cfrg-… Paterson Kenneth