Re: [Cfrg] Raw minutes of today's meeting
Василий Долматов <vdolmatov@gmail.com> Fri, 26 July 2019 01:36 UTC
From: Василий Долматов <vdolmatov@gmail.com>
Date: Thu, 25 Jul 2019 21:36:12 -0400
In-Reply-To: <EC4ECAB6-C9F2-475D-8C9F-C9C66EE6DFEA@gmail.com>
Cc: IRTF CFRG <cfrg@irtf.org>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/p4huciZMzqlX-m10HPwoSFcdL3I>
Subject: Re: [Cfrg] Raw minutes of today's meeting
Extremely _RAW_… Concerning my comments at least. :( Its meaning is lost completely, I wonder whether it was a deliberate move. ;(

> On 25 July 2019, at 17:19, Yoav Nir <ynir.ietf@gmail.com> wrote:
>
> CFRG Summary - IETF 105
>
> Meeting started at 15:52
>
> New co-chair (Nick Sullivan). New secretary (Stanislav)
>
> Looking for volunteers for CFRG document review panel. Need both academic and industry experience.
>
> PAKE selection (summary by Stanislav later)
>
> HPKE (Richard Barnes)
> Dan Harkins: Same key-pair - same key?
> Richard: No, we got fresh entropy
> Tanja Lange: it depends on how they define ephemeral
> Adam Langley: Consider NOISE. Shows we can do something worthwhile. Go there.
> Richard: What does "go there" mean?
> Adam: Don't need to do an all too general framework
> Richard: This is orthogonal to the NOISE approach
> Riad: What would you remove if it was up to you?
> Richard: The modes in which the center is authenticated with a symmetric key.
> Riad: Remove the unauthenticated case?
> Richard: Not sure it would streamline things much. It's already a special case.
> Joe Salowey: In a WG I'd say we need to take things out. In an RG - less so. But still - less is more.
> Richard: I think we have a consolidated set. Think we should leave things as they are.
> Richard: naming? CASHEW: Combined Asymmetric/Symmetric Hybrid Encryption Wrapping
> Chris Wood: Likes cashews.
>
> MGM (Stanislav):
> Multilinear Galois Mode
> Scott Fluhrer: GCM also has the property that you can begin encrypting before you have the AAD
> Stanislav: Right
> Yoav: why not call for adoption?
> Stanislav: I am not the designer. Maybe in the future.
> Watson Ladd: The cited attacks don't really break GCM.
> Stanislav: MGM has better security bounds than GCM for some attacks.
> Watson: The slides conflict. One says MGM performs better; the other says GCM does.
> Stanislav: Depends on context.
>
> Pairing Friendly Curves (Shoko Yonezawa)
> Riad: BLS12-381 is designed for this purpose. Is it worthwhile to define 192- and 256- levels? It's already unbelievably slow.
> Shoko: We have to consider many curves. Not all for implementers to implement because they are confused as to which curve to implement.
> Riad: Yes, but is that level needed? Don't know that people are using 581.
> Tanja Lange: Optimal TNFS-secure pairings on elliptic curves with composite embedding degree, Georgios Fotiadis and Chloe Martindale
>
> Anyone has applications? 3 hands are raised.
>
> Streebog and Kuznyechik (Léo Perrin)
> PHB: Some jiggering going on.
> Yoav: Why does ISO standardization matter?
> Russ Housley: We only know that something smells funny.
> Stanislav: Thanks for doing the analysis. There was public info before standardization.
> Maybe not as public as it should have been. Agree that any analysis should be done.
> Concerns should be investigated. Papers say there are structures, not showing how it could be exploited.
> If you find attack or hazard, I'll be happy to discuss with you.
> For now we only have structures.
> Léo: Right. No attack. Analyzers should have had all the information.
> Vasily Dolmatov: Structure does not imply vulnerability. We appreciate this. It is important for transparency.
>
> Hash to curve update (Riad Wahby)
> (no comment)
> Alexey: 1 more revision? More?
> Riad: Close to done; need to cover a few more curves. No huge changes.
>
> PAKE Contest Update (Stanislav)
> Vasily Dolmatov: Hopefully people from TLS or IKEv2 are here. Otherwise we need to contact them.
> Chairs: TLS people are here.
> Yoav: Also IKE people
> Bjoern Haase: Could you post the place where to find the replies regarding VTBPEKE? I did not find it on the mailing list.
> Stanislav: Yes. They're either on the list or the chairs posted to the list. We'll try to publish again in a convenient way.
>
> Nick: Still looking for volunteers for the panel.
> Would like people to review more than one for better comparison.