Re: [CFRG] IRTF Chair review of draft-irtf-cfrg-vrf-12
Colin Perkins <csp@csperkins.org> Thu, 16 June 2022 11:38 UTC
Return-Path: <csp@csperkins.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E849FC157908; Thu, 16 Jun 2022 04:38:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=csperkins.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wvcLLpjEiJJR; Thu, 16 Jun 2022 04:38:11 -0700 (PDT)
Received: from mx2.mythic-beasts.com (mx2.mythic-beasts.com [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D325C14CF05; Thu, 16 Jun 2022 04:38:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=csperkins.org; s=mythic-beasts-k1; h=Date:Subject:To:From; bh=TEaOep+1tg28rXh69b+X37VFD4h5YTqrGw4iXamFwm0=; b=UtHYc49OsiSQru5mOYNVx5BUdq S8BcpIWiAJEU32jz35dDr8SyOC1MEG/ai+t/XmkAak18xO38knKRs+Suc/OF06T7bfM3Sw0dYkFZz CzC8TrmjVxMI11E94jOXz/HotnuTy1BotA7J/jyAQKvzxefdlOthatNw9YJbMC6x5NZq7xlRaIRDJ AvAOxBAu86yxRlr6nGejOKZqINzM4Ey/tR03Ta8H5D9lkrkNuzLEkoMSBpAge0AOhbFPcR/2mJcyW L3W5mzwAOmO8m9mAeE4kyd4TCBMLhDKVGjn4HWkJ++S/34IWM5ZJQNSWkML7Zz9T6+DRWHRv7ZsuM xgCzTUnQ==;
Received: from [81.187.2.149] (port=40474 helo=[172.28.128.1]) by balrog.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <csp@csperkins.org>) id 1o1np7-0007Kc-HR; Thu, 16 Jun 2022 12:38:09 +0100
From: Colin Perkins <csp@csperkins.org>
To: Leonid Reyzin <reyzin@cs.bu.edu>
Cc: draft-irtf-cfrg-vrf@ietf.org, cfrg@ietf.org
Date: Thu, 16 Jun 2022 12:37:50 +0100
X-Mailer: MailMate (1.14r5898)
Message-ID: <9CD2685D-BD10-4DCA-9A30-1FCE1EA61806@csperkins.org>
In-Reply-To: <CAHZ6D0v5NtY__Ymuj42osPDFVoPhc8xjy=+OTG3DK-gCYSTSkg@mail.gmail.com>
References: <527361AC-2443-41B0-B74C-8534D816CCC2@csperkins.org> <CAHZ6D0v5NtY__Ymuj42osPDFVoPhc8xjy=+OTG3DK-gCYSTSkg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_2BC5743A-FAC1-486D-8FF5-15DDB69051FE_="
Content-Transfer-Encoding: 8bit
Embedded-HTML: [{"plain":[195, 3607], "uuid":"39083EE4-1C18-4ADF-94EF-E9CCF431C257"}]
X-BlackCat-Spam-Score: 9
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/q53fTgcTYqeaqvRZasFn6uooCUo>
Subject: Re: [CFRG] IRTF Chair review of draft-irtf-cfrg-vrf-12
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2022 11:38:16 -0000
Dear Leo, Thank you for the fast response and update. This new version addresses my comments. I’ll move the draft on to IRSG review. Colin On 15 Jun 2022, at 21:21, Leonid Reyzin wrote: > Dear Colin, > > Thank you for your feedback. We addressed all your comments. > Specifically, > for Section 5.4.5, we explained that this algorithm MAY be used, and > added > a considerable amount of rationale for its design, including the > rationale > for the choice of bad_y2. For deciding which algorithm to use, we > added a > paragraph to Section 1 that points to security differences among the > algorithms as addressed in Sections 3 and 7. > > As far as the test vectors, the entire section is generated directly > by the > reference implementation, which directly outputs xml2rfc version 3. > The > reference implementation itself has been extensively debugged and > tested > against other implementations of relevant components. > > We uploaded the new version (-13) to > https://datatracker.ietf.org/doc/draft-irtf-cfrg-vrf/ > > Finally, regarding IPR disclosures, we are not aware of any IPR > claims. > > Thanks for your work, > > Leo > > > On Wed, Jun 15, 2022 at 9:28 AM Colin Perkins <csp@csperkins.org> > wrote: > >> The CFRG chairs have requested that draft-irtf-cfrg-vrf-12 be >> published as >> an RFC on the IRTF stream. The IRTF publication process is described >> in RFC >> 5743, and comprises a review by the IRSG to ensure technical and >> editorial >> quality, followed by a check by the IESG to ensure the work does not >> conflict with IETF standards activities. >> >> As IRTF Chair, I perform an initial review of all drafts submitted >> for >> publication on the IRTF stream before sending them for detailed >> review by >> the IRSG. This note provides my review comments, for discussion. >> >> Authors, please can you also respond to this message to confirm that >> all >> necessary IPR disclosures, as described on >> https://irtf.org/policies/ipr, >> have been made? >> >> Result: Almost Ready >> >> RFC 5743 compliance: The draft follows the guidelines in RFC 5743 >> >> Comments: >> >> Thank you for preparing this draft. On the whole, I found it clearly >> written and easy to follow. I have some minor questions for >> clarification, >> and a couple of nits to address: >> >> - >> >> Nit: I suggest to remove the §1.1 sub-heading, and to move the >> sentence “This document represents the consensus of the Crypto >> Forum >> Research Group (CFRG)” to follow the two paragraphs that >> currently comprise >> Section 1.1. >> - >> >> Nit: RFC 8174 updates RFC 2119 and suggests a slightly different >> phrasing for the key words section. Suggest updating to use that >> reference >> instead of RFC 2119. >> - >> >> Section 5.4.5 defines bad_y2 = >> 2707385501144840649318225287225658788936804267575313519463743609750303402022. >> It’s not clear why this particular value was chosen. The >> discussion at the >> end of the section hints at an answer, but I wonder if it should >> be more >> specific? >> - >> >> Section 5.4.5 says “For example, the following algorithm may be >> used…”. This seems imprecise. How important is the choice of >> algorithm? >> - >> >> As a general point, I found that the draft clearly describes the >> algorithms to be used, but was less clear in describing when to >> use each of >> them, and what are the trade-offs between the different choices. >> It may be >> worth expanding the Introduction a little to outline applicability >> of the >> different options. >> - >> >> The appendix contains extensive test vectors. Has there been some >> test >> performed to compare these with known-correct outputs, to make >> sure no >> typos have been introduced when preparing the draft? >> >> Colin Perkins >> IRTF Chair >>
- [CFRG] IRTF Chair review of draft-irtf-cfrg-vrf-12 Colin Perkins
- Re: [CFRG] IRTF Chair review of draft-irtf-cfrg-v… Leonid Reyzin
- Re: [CFRG] IRTF Chair review of draft-irtf-cfrg-v… Colin Perkins