Re: [CFRG] [Technical Errata Reported] RFC9180 (7790)
Dennis Jackson <ietf@dennis-jackson.uk> Thu, 11 April 2024 15:21 UTC
Return-Path: <ietf@dennis-jackson.uk>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5960DC14F610 for <cfrg@ietfa.amsl.com>; Thu, 11 Apr 2024 08:21:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dennis-jackson.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ms7L7bjS97_u for <cfrg@ietfa.amsl.com>; Thu, 11 Apr 2024 08:21:13 -0700 (PDT)
Received: from mout-p-103.mailbox.org (mout-p-103.mailbox.org [80.241.56.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7274C14F70E for <cfrg@irtf.org>; Thu, 11 Apr 2024 08:21:10 -0700 (PDT)
Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:b231:465::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-103.mailbox.org (Postfix) with ESMTPS id 4VFk1G1XcMz9sq5 for <cfrg@irtf.org>; Thu, 11 Apr 2024 17:21:06 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dennis-jackson.uk; s=MBO0001; t=1712848866; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ayY6Ah1ZFNIbfOmeNiOuumi0yCysc/zR6FB2AhuQm1k=; b=RsYOiFuZIe2Wkz/TOUbT5w4rKNd1WjeJds7/ah5hn+oWdtqu5Pe5zrYwEDR2Uk7z3u9599 5fbZNUT6uFLl/CmWutpEu41QqshjwPNEAhmso6859eqI41q3IK1yZN3/detudJMPRcdE+b CeuMzy2fG3C4O9q0U/EILIRtLp6LmVIMnvXgiGgMSf+4FwzEQ6rXc2trWF3IYkRrb6QFk4 uPgPnCFC/gfZqmyoOt2p89UEctxl+MgWA87wrUM53NpmlNwmgeI+Vtnh0A1PvT7UwNNyJ8 KKaMWOR2EFPkmmRmJeJp/3OITC44/U0iAkE4YXdQJ+Wx3nAHVQyRHVA5i/bi+A==
Content-Type: multipart/alternative; boundary="------------eFv8mnALKSsw9WoJhg0e95t7"
Message-ID: <5a7baa04-926a-456e-a043-19c8e728d558@dennis-jackson.uk>
Date: Thu, 11 Apr 2024 16:21:04 +0100
MIME-Version: 1.0
To: cfrg@irtf.org
References: <73d28971-0470-4339-9ae8-f2d07f2303ae@dennis-jackson.uk> <6B2EF6E4-91E0-4F26-9623-A722BAAEDF3B@gmail.com> <789eeffd-c021-480c-81b0-6b424aac4b11@app.fastmail.com> <1C2E29BB-63A5-4190-A3DB-6274FFC76427@gmail.com> <f19fed7a-8feb-4fa1-a390-b256d7994da0@dennis-jackson.uk> <BB82C718-B193-4365-8D55-34203E21C60D@gmail.com>
Content-Language: en-US
From: Dennis Jackson <ietf@dennis-jackson.uk>
In-Reply-To: <BB82C718-B193-4365-8D55-34203E21C60D@gmail.com>
X-Rspamd-Queue-Id: 4VFk1G1XcMz9sq5
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/p4ECeXml_d4ov-UY6Ir1uCr1TGM>
Subject: Re: [CFRG] [Technical Errata Reported] RFC9180 (7790)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2024 15:21:18 -0000
On 08/04/2024 22:40, Neil Madden wrote:
> Why do you need to "assess the importance" of the erratum? Either it's
> valid or it's not.
If something is imperfectly worded, it's typically marked "Hold For
Document Update".
>> FWIW, it's not the case that 2-party insider-auth implies multiparty
>> insider auth - so its pretty irrelevant here.
>>
> But we are talking about the contrapositive here: lack of 2-party
> insider-auth implies (obviously) lack of multi-party insider-auth.
> HPKE has neither.
>
>> More significantly and immediately prior to the paragraph you're
>> concerned about, the RFC details the attack on insider security
>> presented in the paper at length (9.1.1).
>
> It describes a (related, to be sure) KCI attack. This is not the exact
> same thing, and it's in a section about KCI. As the paper says, KCI
> security is a relaxation of Insider-Auth security.
As you wrote above, we're talking about the contrapositive. If KCI is
violated, obviously Insider-Auth is too.
>> I agree the RFC could be better phrased, but do not think anyone
>> could read the RFC and conclude that HPKE was proven to achieve
>> Insider Security - let alone establish the type of Insider Security
>> being discussed. Further, the paper lays out a clear attack on KCI in
>> accessible language which is the material consequence of the lack of
>> insider security anyway.
>>
> Firstly, KCI is not the only consequence of the lack of Insider-Auth,
> as discussed. Secondly, what are you trying to argue here? That the
> erratum is incorrect? That incorrect statements should remain in the
> RFC because... well, what exactly? Because a different paragraph in a
> different section almost says the right thing?
I'm pointing out as imperfect as the sentence is, a reader is going to
come away with the correct understanding. Minimally:
* HPKE is vulnerable to KCI attacks (and if the reader knows what
Insider-Auth is, therefore doesn't have Insider-Auth).
* They need to read the referenced paper for the details of exactly
what properties HPKE is proven to have, where they will find a clear
statement it does not enjoy Insider-Auth.
As I said previously, if folks need a multi-party HPKE, that seems like
a good thing for the CFRG to work on.
Best,
Dennis
>
> -- Neil
>
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://mailman.irtf.org/mailman/listinfo/cfrg
- [CFRG] Fwd: [Technical Errata Reported] RFC9180 (… Neil Madden
- Re: [CFRG] Fwd: [Technical Errata Reported] RFC91… Martin Thomson
- Re: [CFRG] Fwd: [Technical Errata Reported] RFC91… Neil Madden
- Re: [CFRG] Fwd: [Technical Errata Reported] RFC91… Martin Thomson
- Re: [CFRG] Fwd: [Technical Errata Reported] RFC91… Benjamin Lipp
- Re: [CFRG] Fwd: [Technical Errata Reported] RFC91… Karthik Bhargavan
- Re: [CFRG] [Technical Errata Reported] RFC9180 (7… Colin Perkins
- Re: [CFRG] Fwd: [Technical Errata Reported] RFC91… Neil Madden
- Re: [CFRG] Fwd: [Technical Errata Reported] RFC91… Karthik Bhargavan
- Re: [CFRG] [Technical Errata Reported] RFC9180 (7… Neil Madden
- Re: [CFRG] [Technical Errata Reported] RFC9180 (7… Dennis Jackson
- Re: [CFRG] [Technical Errata Reported] RFC9180 (7… Neil Madden
- Re: [CFRG] [Technical Errata Reported] RFC9180 (7… Thad Thompson
- Re: [CFRG] [Technical Errata Reported] RFC9180 (7… Neil Madden
- Re: [CFRG] [Technical Errata Reported] RFC9180 (7… Dennis Jackson
- Re: [CFRG] [Technical Errata Reported] RFC9180 (7… Neil Madden
- Re: [CFRG] [Technical Errata Reported] RFC9180 (7… Eric Rescorla
- Re: [CFRG] [Technical Errata Reported] RFC9180 (7… Dennis Jackson
- Re: [CFRG] [Technical Errata Reported] RFC9180 (7… Neil Madden