Re: [CFRG] Adoption Call: Guidelines for Writing Cryptography Specifications
Christopher Patton <cpatton@cloudflare.com> Fri, 09 June 2023 23:27 UTC
Return-Path: <cpatton@cloudflare.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 045A0C152F3D for <cfrg@ietfa.amsl.com>; Fri, 9 Jun 2023 16:27:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f3kG1pVO6leI for <cfrg@ietfa.amsl.com>; Fri, 9 Jun 2023 16:27:17 -0700 (PDT)
Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F5A3C15DD6A for <cfrg@ietf.org>; Fri, 9 Jun 2023 16:27:17 -0700 (PDT)
Received: by mail-lj1-x22a.google.com with SMTP id 38308e7fff4ca-2b1b06af50eso26254591fa.1 for <cfrg@ietf.org>; Fri, 09 Jun 2023 16:27:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; t=1686353235; x=1688945235; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Bo/JdlfyzacSVnvHlpcebAHqL6uBUkYnXf03X+G1Ak8=; b=UBjGJdttBfBJ2bKPYb1hJGJYI3IznZWVb/vSiQWJyuLMktQvhcFqMNd+ERbD/RHAqD gWBlrTILvB7CovBOOqSXEg0xRzmKLVqAOwMTFefl5VVHR7OFtwrWA/nai3uDreBcGKta N+OFC9JM9YWpve2b1Dt4+jbsBzTmCIyd7jTew=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686353235; x=1688945235; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Bo/JdlfyzacSVnvHlpcebAHqL6uBUkYnXf03X+G1Ak8=; b=JGMKA/bJbYSa5u/IM+5DFhzXSzKhqxKZGxPsWD49AHVES0tm5nunlZ1AdpW1oCN1os DhdYXgeY6V1uT3PTMp9XQPN4+MavvUHIClhNiqOWD5dSsBFNk5YquP/NxD+t0J0hyOBD tf7cQ9wLovioAkoEtbVodPZoLQZAzomUB92oQ61phFaEm7g6yjOXm4XjkTQcv1TwHV1H TorcJx16mxEHUG4/TSwG2yQZ3pVEflezYEYKBBVoB9DIZLyNyAT/X/U4tYIDktarw4cr ASRiOs6NR8VusLxXy3IBn0nueaQS8rZNjgbjzogSsAQTK5UA4/OGCGGEL3dT9OGe1TVL gN2g==
X-Gm-Message-State: AC+VfDyHV6FEvbJSDYfktWnFW5Y1ePrhX2nk8s0GA46P8KKL/pe437vf SHD+Y558fecht7w6Yj0zpo01R5mm0P9KbWMT1NG5NtbF4nLbTa+Q6H4=
X-Google-Smtp-Source: ACHHUZ7Ou4rrS8uo0JkrmF/CWhk2+WHTzGMjNBaXCifylcdZWU70jHzfgJ6RUNVa88L+MSprbG5aQXy/nPSu/0Qyyxo=
X-Received: by 2002:a2e:360e:0:b0:2b2:1d7a:bd3d with SMTP id d14-20020a2e360e000000b002b21d7abd3dmr93425lja.9.1686353235237; Fri, 09 Jun 2023 16:27:15 -0700 (PDT)
MIME-Version: 1.0
References: <CAMr0u6=oLzn1SzzuO5X4aLw2neRf=bqMJpMOB4h3ERTO4Ao-WA@mail.gmail.com>
In-Reply-To: <CAMr0u6=oLzn1SzzuO5X4aLw2neRf=bqMJpMOB4h3ERTO4Ao-WA@mail.gmail.com>
From: Christopher Patton <cpatton@cloudflare.com>
Date: Fri, 09 Jun 2023 16:27:04 -0700
Message-ID: <CAG2Zi212=uCb0rfVFEM5igba545RbOGLj8fw9XvbE4SfU7PL1g@mail.gmail.com>
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Cc: "<cfrg@ietf.org>" <cfrg@ietf.org>, cfrg-chairs@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008dd68405fdbab5bd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/oHc__iA4Ktv-vqOVjYOHEB5Ae78>
Subject: Re: [CFRG] Adoption Call: Guidelines for Writing Cryptography Specifications
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jun 2023 23:27:21 -0000
I whole-heartedly support adoption. I think this would be a useful resource. (I particularly like the idea of including a list of exemplary specs and specs that didn't quite serve their purpose.) I think my primary concern is that this draft touches on a few aspects of spec writing that are somewhat subjective. In particular the draft uses the term "formal" as if all readers have the same bar for what "formality" entails. I'm not sure if anything can really be done about this, but there may be specific instances where we can provide some concrete recommendations. Specific comments: 1. Section 3.2 "Precision": It would be useful to cite specific examples where ambiguous specs (including those outside the CFRG) lead to security vulnerabilities. 2. Section 3.2 "Precision": "[use] formal notation or pseudocode": To me this feels too subjective. I realize this is the bikeshed of all bikesheds (for our community in particular), but I wonder if it could/should be in scope for a draft like this to come up with a concrete recommendation. It would be wonderful if all or many CFRG drafts used the same language. (I think a similar point can also be made about mathematical notation, though there I feel less strongly: consistency throughout the document, and clear definitions, are sufficient.) 3. Section 4.2.2 "Formalizing Security Definitions": "Specification authors should strive to express security definitions in a formal language": What bar are you trying to get spec authors to cross here? Like, "the ciphertext does not leak the plaintext" is pretty informal; "the ciphertext is computationally indistinguishable from a random string" is more formal; (forall A)(forall poly) Pr[A(C<-$Enc(K,M)) => 1] - Pr[A($) => 1] < poly is even more formal. Best, Chris P. On Thu, Jun 1, 2023 at 10:14 PM Stanislav V. Smyshlyaev <smyshsv@gmail.com> wrote: > Dear CFRG participants, > > This message is starting 3 weeks adoption call on "Guidelines for Writing > Cryptography Specifications" draft, > draft-sullivan-cryptography-specification-00 ( > https://datatracker.ietf.org/doc/draft-sullivan-cryptography-specification/) > that will end on June 23rd 2023. > > Please send your feedback in reply to this email or directly to CFRG > chairs <cfrg-chairs@ietf.org> <cfrg-chairs@ietf.org>. > > Best regards, > Stanislav (for CFRG chairs) > _______________________________________________ > CFRG mailing list > CFRG@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg >
- [CFRG] Adoption Call: Guidelines for Writing Cryp… Stanislav V. Smyshlyaev
- Re: [CFRG] Adoption Call: Guidelines for Writing … Benjamin Beurdouche
- Re: [CFRG] [EXTERNAL] Adoption Call: Guidelines f… Mike Ounsworth
- Re: [CFRG] [EXT] Re: [EXTERNAL] Adoption Call: Gu… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] Adoption Call: Guidelines for Writing … Russ Housley
- Re: [CFRG] [EXTERNAL] Adoption Call: Guidelines f… Christian Paquin
- Re: [CFRG] Adoption Call: Guidelines for Writing … Salz, Rich
- Re: [CFRG] Adoption Call: Guidelines for Writing … John Mattsson
- Re: [CFRG] Adoption Call: Guidelines for Writing … Riad S. Wahby
- Re: [CFRG] Adoption Call: Guidelines for Writing … David McGrew (mcgrew)
- Re: [CFRG] [EXTERNAL] Adoption Call: Guidelines f… Tim Hollebeek
- Re: [CFRG] [EXTERNAL] Adoption Call: Guidelines f… Kris Kwiatkowski
- Re: [CFRG] Adoption Call: Guidelines for Writing … Florence D
- Re: [CFRG] Adoption Call: Guidelines for Writing … Christopher Patton
- Re: [CFRG] Adoption Call: Guidelines for Writing … Deirdre Connolly
- Re: [CFRG] Adoption Call: Guidelines for Writing … Kai Mindermann
- Re: [CFRG] Adoption Call: Guidelines for Writing … Thom Wiggers
- Re: [CFRG] [EXT] Re: Adoption Call: Guidelines fo… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] [EXT] Re: Adoption Call: Guidelines fo… Thom Wiggers
- Re: [CFRG] Adoption Call: Guidelines for Writing … Jonathan Hammell
- Re: [CFRG] Adoption Call: Guidelines for Writing … Hubert Kario
- Re: [CFRG] Adoption Call: Guidelines for Writing … Stanislav V. Smyshlyaev