Re: [Cfrg] Adoption call for draft-sullivan-cfrg-voprf

Richard Barnes <rlb@ipv.sx> Fri, 17 May 2019 09:01 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01E6E120354 for <cfrg@ietfa.amsl.com>; Fri, 17 May 2019 02:01:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BQQ11FRaB8vf for <cfrg@ietfa.amsl.com>; Fri, 17 May 2019 02:01:47 -0700 (PDT)
Received: from mail-oi1-x231.google.com (mail-oi1-x231.google.com [IPv6:2607:f8b0:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E5CA12007C for <cfrg@irtf.org>; Fri, 17 May 2019 02:01:47 -0700 (PDT)
Received: by mail-oi1-x231.google.com with SMTP id y124so313209oiy.3 for <cfrg@irtf.org>; Fri, 17 May 2019 02:01:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xg2nvqyKMNNJef/NTYrflfSqnxqjIgv+PiVhZzjEcww=; b=JKq5LEpc871bxlzj/D+QEiQxMVEdKsx9ROTrJz9BBnCZ4cUa8IHH+TAxePZDVTavdS RVZEEbdV/rAVWKcMfEbu1tueEVs/spW6SUwbPAGmjWrDriuyyA69D6yxUYD1dn5dJ+Mr Npaldykiluqb/wtrkBICtcL4IALfwyYsvRgQ6tqVA2ckpfdCc42uTgY5lEC7DY/uB+9u bLemqb2ePrhbSV3571q1yOlrynjXzPh7+7LN6+rHchKPEt4jDgcNF0PSc/oFB8PjhymR pOSlU7gOXHJGba4lD+tdPjJ9v1NgkdXAbRKqMdoOmjXSso2enPlFg9Mev5rKgN1wVGh4 +j4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xg2nvqyKMNNJef/NTYrflfSqnxqjIgv+PiVhZzjEcww=; b=GYQI7QmX5hqIQkF19456qm3pTYBGk2Ms4f7nFmy/YQGI3uQmeC+MyQfbMQ/AADmbkR su3e7kiX303ZpKnAVXPUaIV64lYU/+NAuufoUyIDPfx67PD1F48F9t2YzE3epPCHnI8c iOEDWf8vZInKDJvzpRhQou0B4hcVblg8FR+UkqopHUDBZ46F4zRhW1r4zmPMwMpXTFth hisVLgWyUuyomt2+j8Ablr+zjNQcEDVJFO9uSqul4IrcWDQlQt1XNKdL8te9llsoYvR7 Bt0Pfe2z05mCBW7jGz6PTkQdPsyBfyTPwR02UXsuuwHOe1DRO1XH+ZW7ig6DyE4MgTOC vsFw==
X-Gm-Message-State: APjAAAWRs3SNSDmXFZIsJ3hrgQttkcb28jg2eS6yXyx+LQVvw0duNMtV XihYt/th03iJ9JwH21//8Y3KwxbT3LX6fAe9KPjHsA==
X-Google-Smtp-Source: APXvYqz+e65Fru0NXK1PA+LCsa93p0+6Nm31jmsTiJZpBjGw6WNWeFST5eBNMna2B6sq6KNbJsPDq9XXpjBjcHvmy3g=
X-Received: by 2002:aca:d6d0:: with SMTP id n199mr12569824oig.51.1558083706515; Fri, 17 May 2019 02:01:46 -0700 (PDT)
MIME-Version: 1.0
References: <54235333-9FEA-4543-93B6-2D4B1C8FCC2D@inf.ethz.ch> <0a67411b-9a2d-9e08-ca06-08ea938c0c89@gmail.com> <B62E70D5-9BAE-4332-8CE4-4AB0E3B229C8@inf.ethz.ch>
In-Reply-To: <B62E70D5-9BAE-4332-8CE4-4AB0E3B229C8@inf.ethz.ch>
From: Richard Barnes <rlb@ipv.sx>
Date: Fri, 17 May 2019 11:01:34 +0200
Message-ID: <CAL02cgSm5ZcMX00kOoGK5wP6dEctJLTJd=K18_-imCdSYsiqzg@mail.gmail.com>
To: Paterson Kenneth <kenny.paterson@inf.ethz.ch>
Cc: CFRG <cfrg@irtf.org>, Rene Struik <rstruik.ext@gmail.com>, "draft-sullivan-cfrg-voprf.authors@ietf.org" <draft-sullivan-cfrg-voprf.authors@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000db8545058911a1b1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/nazmyTR_zkRaiAJph7T7VZlg3AA>
Subject: Re: [Cfrg] Adoption call for draft-sullivan-cfrg-voprf
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 May 2019 09:01:50 -0000

I agree with Kenny’s analysis here.

This seems like a problem area that has overlap a few applications within
the usual CFRG customer space (IETF, but also internet infrastructure
things more broadly).  I have reviewed the document, and it seems like a
reasonable starting point.  I support its adoption.

—Richard


On Wed, May 8, 2019 at 09:36 Paterson Kenneth <kenny.paterson@inf.ethz.ch>
wrote:

> Hi Rene,
>
>
>
> You’re right that there’s not been much discussion on the list about this
> draft. It was presented at IETF 101 and there was some discussion in person
> at the meeting; below is a relevant extract from the minutes of the meeting
> (
> https://datatracker.ietf.org/meeting/101/materials/minutes-101-cfrg-00.pdf
> ):
>
>
>
>
>
> Verifiable Oblivious Pseudorandom Functions (VOPRFs)
>
> ====================================================
>
> presenter: Nick Sullivan
>
> slides:
> https://datatracker.ietf.org/meeting/101/materials/slides-101-cfrg-4-voprfs-00
>
> draft: https://datatracker.ietf.org/doc/draft-sullivan-cfrg-voprf/
>
>
>
> Sullivan introduced a draft that constructs VOPRF based on Elliptic Curves.
>
>
>
> Q: (): What is the contents of the draft -- I didn't read it.  You
> discussed several crypto primitives.
>
> A: (Sullivan): A generic description of VOPRFs and a specific
> instantiation.
>
>
>
> Q: (Melnikov): What are you interest in having happen to this draft?
>
> A: (Sullivan): CFRG adoption.
>
> A: (Paterson): How do you you see this and the above draft progressing
> given the dependency?
>
> A: (Sullivan): They can proceed in parallel.
>
>
>
> Q: (Gillmor): One of the concerns is how the key remains constant?
>
> A: (Sullivan): You're noting the tagging attack.  The signer’s public key
> needs public verifiability -- maybe a transparency log or consensus
> protocol.  Those are outside of the scope of the draft.
>
> A: (Gillmor): I was hoping to hear that they should be separate.
>
> A: (Sullivan): We'll add language to the draft.
>
> A: (Melnikov): Let's take further discussion to the mailing list.
>
>
>
>
>
> Perhaps the draft’s authors can clarify here on the extent to which there
> is a dependency on other drafts, especially the ristretto draft (which is
> not a CFRG document, currently).
>
>
>
> I think this draft does fit with the CFRG charter, in that VOPRFs are an
> emerging cryptographic mechanism that at least some people here see as
> being useful in contexts traditionally associated with IETF. Again, the
> authors of the draft can explain their intended applications better than
> me, but I think a good starting point if you are interested in knowing more
> would be:
>
>
>
> https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdf
>
>
>
>
>
> My personal take on the “CFRG philosophy” is that we should respond to the
> interests and needs of the CFRG community, interpreted broadly. So if
> people express a willingness to work on something, there is general support
> for adoption, and the technical content is cryptographic and useful in
> contexts traditionally associated with IETF, then we should do it. Of
> course, the previous sentence is deliberately imprecise, and a case-by-case
> judgement call on the part of the chairs is needed. The mechanism of having
> a call for adoption provides key input to that decision-making process.
>
>
>
> I hope this helps – happy to discuss further of course, but perhaps the
> more general discussion should be on a different thread to this adoption
> call.
>
>
>
> Best wishes,
>
>
>
> Kenny
>
>
>
>
>
> *From: *Rene Struik <rstruik.ext@gmail.com>
> *Date: *Tuesday, 7 May 2019 at 23:01
> *To: *Paterson Kenneth <kenny.paterson@inf.ethz.ch>ch>, CFRG <cfrg@irtf.org>
> *Cc: *"draft-sullivan-cfrg-voprf.authors@ietf.org" <
> draft-sullivan-cfrg-voprf.authors@ietf.org>
> *Subject: *Re: [Cfrg] Adoption call for draft-sullivan-cfrg-voprf
>
>
>
> Hi Kenny:
>
>
>
> I had some trouble finding recent discussions on this document. The
> document seems to have dependencies on other drafts (e.g., Ristretto) for
> which it is very hard to find any discussion either (and are not that easy
> to read ). If you could point to this, that would be great.
>
>
>
> Could you explain how this fits within CFRG's charter? What is the general
> philosophy nowadays ("more is better" vs. "less is more", protocols with
> wide applicability vs. specialized, etc, etc.)?
>
>
>
> Best regards, Rene
>
>
>
> [excerpted from https://datatracker.ietf.org/rg/cfrg/about/]
>
>
>
> The Crypto Forum Research Group (CFRG) is a general forum for discussing
> and reviewing uses of cryptographic mechanisms, both for network security
> in general and for the IETF in particular.
>
> The CFRG serves as a bridge between theory and practice, bringing new
> cryptographic techniques to the Internet community and promoting an
> understanding of the use and applicability of these mechanisms via
> Informational RFCs (in the tradition of, e.g., RFC 1321 (MD5) and RFC 2104
> (HMAC). Our goal is to provide a forum for discussing and analyzing general
> cryptographic aspects of security protocols, and to offer guidance on the
> use of emerging mechanisms and new uses of existing mechanisms. IETF
> working groups developing protocols that include cryptographic elements are
> welcome to bring questions concerning the protocols to the CFRG for advice.
>
> Meetings and Membership
>
> The CFRG meetings, membership, and mailing list are open to all who wish
> to participate.
>
>
>
> On 5/7/2019 11:44 AM, Paterson Kenneth wrote:
>
> Dear CFRG,
>
>
>
> This email starts a 2-week adoption call for:
>
>
>
> https://datatracker.ietf.org/doc/draft-sullivan-cfrg-voprf/
>
> Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups
>
>
>
> Please give your views on whether this document should be adopted as a CFRG draft, and if so, whether you'd be willing to help work on it/review it.
>
>
>
> (We have two other adoption calls running concurrently; they will end this Friday, May 10th.)
>
>
>
> Thanks,
>
>
>
> Kenny (for the chairs)
>
>
>
>
>
> _______________________________________________
>
> Cfrg mailing list
>
> Cfrg@irtf.org
>
> https://www.irtf.org/mailman/listinfo/cfrg
>
>
>
> --
>
> email: rstruik.ext@gmail.com | Skype: rstruik
>
> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>