IETF Logo Mail Archive

Re: [CFRG] Adoption Call: Guidelines for Writing Cryptography Specifications

Christopher Patton <cpatton@cloudflare.com> Fri, 09 June 2023 23:27 UTC

Return-Path: <cpatton@cloudflare.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 045A0C152F3D for <cfrg@ietfa.amsl.com>; Fri, 9 Jun 2023 16:27:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f3kG1pVO6leI for <cfrg@ietfa.amsl.com>; Fri, 9 Jun 2023 16:27:17 -0700 (PDT)
Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F5A3C15DD6A for <cfrg@ietf.org>; Fri, 9 Jun 2023 16:27:17 -0700 (PDT)
Received: by mail-lj1-x22a.google.com with SMTP id 38308e7fff4ca-2b1b06af50eso26254591fa.1 for <cfrg@ietf.org>; Fri, 09 Jun 2023 16:27:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; t=1686353235; x=1688945235; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Bo/JdlfyzacSVnvHlpcebAHqL6uBUkYnXf03X+G1Ak8=; b=UBjGJdttBfBJ2bKPYb1hJGJYI3IznZWVb/vSiQWJyuLMktQvhcFqMNd+ERbD/RHAqD gWBlrTILvB7CovBOOqSXEg0xRzmKLVqAOwMTFefl5VVHR7OFtwrWA/nai3uDreBcGKta N+OFC9JM9YWpve2b1Dt4+jbsBzTmCIyd7jTew=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686353235; x=1688945235; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Bo/JdlfyzacSVnvHlpcebAHqL6uBUkYnXf03X+G1Ak8=; b=JGMKA/bJbYSa5u/IM+5DFhzXSzKhqxKZGxPsWD49AHVES0tm5nunlZ1AdpW1oCN1os DhdYXgeY6V1uT3PTMp9XQPN4+MavvUHIClhNiqOWD5dSsBFNk5YquP/NxD+t0J0hyOBD tf7cQ9wLovioAkoEtbVodPZoLQZAzomUB92oQ61phFaEm7g6yjOXm4XjkTQcv1TwHV1H TorcJx16mxEHUG4/TSwG2yQZ3pVEflezYEYKBBVoB9DIZLyNyAT/X/U4tYIDktarw4cr ASRiOs6NR8VusLxXy3IBn0nueaQS8rZNjgbjzogSsAQTK5UA4/OGCGGEL3dT9OGe1TVL gN2g==
X-Gm-Message-State: AC+VfDyHV6FEvbJSDYfktWnFW5Y1ePrhX2nk8s0GA46P8KKL/pe437vf SHD+Y558fecht7w6Yj0zpo01R5mm0P9KbWMT1NG5NtbF4nLbTa+Q6H4=
X-Google-Smtp-Source: ACHHUZ7Ou4rrS8uo0JkrmF/CWhk2+WHTzGMjNBaXCifylcdZWU70jHzfgJ6RUNVa88L+MSprbG5aQXy/nPSu/0Qyyxo=
X-Received: by 2002:a2e:360e:0:b0:2b2:1d7a:bd3d with SMTP id d14-20020a2e360e000000b002b21d7abd3dmr93425lja.9.1686353235237; Fri, 09 Jun 2023 16:27:15 -0700 (PDT)
MIME-Version: 1.0
References: <CAMr0u6=oLzn1SzzuO5X4aLw2neRf=bqMJpMOB4h3ERTO4Ao-WA@mail.gmail.com>
In-Reply-To: <CAMr0u6=oLzn1SzzuO5X4aLw2neRf=bqMJpMOB4h3ERTO4Ao-WA@mail.gmail.com>
From: Christopher Patton <cpatton@cloudflare.com>
Date: Fri, 09 Jun 2023 16:27:04 -0700
Message-ID: <CAG2Zi212=uCb0rfVFEM5igba545RbOGLj8fw9XvbE4SfU7PL1g@mail.gmail.com>
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Cc: "<cfrg@ietf.org>" <cfrg@ietf.org>, cfrg-chairs@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008dd68405fdbab5bd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/oHc__iA4Ktv-vqOVjYOHEB5Ae78>
Subject: Re: [CFRG] Adoption Call: Guidelines for Writing Cryptography Specifications
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jun 2023 23:27:21 -0000

I whole-heartedly support adoption. I think this would be a useful
resource. (I particularly like the idea of including a list of exemplary
specs and specs that didn't quite serve their purpose.)

I think my primary concern is that this draft touches on a few aspects of
spec writing that are somewhat subjective. In particular the draft uses the
term "formal" as if all readers have the same bar for what "formality"
entails. I'm not sure if anything can really be done about this, but there
may be specific instances where we can provide some concrete
recommendations.

Specific comments:

   1. Section 3.2 "Precision": It would be useful to cite specific examples
   where ambiguous specs (including those outside the CFRG) lead to security
   vulnerabilities.
   2. Section 3.2 "Precision": "[use] formal notation or pseudocode": To me
   this feels too subjective. I realize this is the bikeshed of all bikesheds
   (for our community in particular), but I wonder if it could/should be in
   scope for a draft like this to come up with a concrete recommendation. It
   would be wonderful if all or many CFRG drafts used the same language. (I
   think a similar point can also be made about mathematical notation, though
   there I feel less strongly: consistency throughout the document, and clear
   definitions, are sufficient.)
   3. Section 4.2.2 "Formalizing Security Definitions":  "Specification
   authors should strive to express security definitions in a formal
   language": What bar are you trying to get spec authors to cross here? Like,
   "the ciphertext does not leak the plaintext" is pretty informal; "the
   ciphertext is computationally indistinguishable from a random string" is
   more formal; (forall A)(forall poly) Pr[A(C<-$Enc(K,M)) => 1] - Pr[A($) =>
   1] < poly is even more formal.

Best,
Chris P.

On Thu, Jun 1, 2023 at 10:14 PM Stanislav V. Smyshlyaev <smyshsv@gmail.com>
wrote:

> Dear CFRG participants,
>
> This message is starting 3 weeks adoption call on "Guidelines for Writing
> Cryptography Specifications" draft,
> draft-sullivan-cryptography-specification-00 (
> https://datatracker.ietf.org/doc/draft-sullivan-cryptography-specification/)
> that will end on June 23rd 2023.
>
> Please send your feedback in reply to this email or directly to CFRG
> chairs <cfrg-chairs@ietf.org> <cfrg-chairs@ietf.org>.
>
> Best regards,
> Stanislav (for CFRG chairs)
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>

v2.23.0 | Report a Bug | By Email