Re: [Cfrg] CFRG Review Panel - Draft Charter

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Wed, 11 May 2016 14:11 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/qoFrCfvmJDz1PUSD_YgH9KvPPN4>

Hi,

On 11/05/2016 06:58, "Cfrg on behalf of Aaron Zauner"
<cfrg-bounces@irtf.org on behalf of azet@azet.org> wrote:

>
>> On 11 May 2016, at 03:14, Yoav Nir <ynir.ietf@gmail.com> wrote:
>> But nonce reuse doesn’t happen in many of our favorite protocols: SSH,
>>TLS, IPsec, S/MIME, so AES-GCM-SIV is not a good algorithm for any of
>>those, or at least no better than regular AES-GCM. I’d like a review to
>>tell what kind of protocols or use cases might benefit from an algorithm
>>with this property, such as multicast IPsec with multiple senders or
>>group unicast IPsec such as Cisco’s GET-VPN.
>
>Full disclosure, since this is somewhat public by now anyways: It does
>happen in TLS. The chairs received an abstract on a soon-to-be published
>paper in the matter late yesterday as did Stephen Farrell (as you're
>aware you're not affected :)). One of the chairs has a full working
>copy/author version including PoC code for our attack.
>
>To that extent may I ask the following question: with proposals like
>AES-GCM-SIV, should I press cryptographers that initially submitted to
>CAESAR to submit drafts to CFRG, fill up everyone's pipeline and get CFRG
>into dead-lock?
>How do we deal with that problem? How's CFRG better/different for IETF
>than a proper crypto competition (even if some take ages, or seem to be a
>never ending story).

Chairs' general preference is to wait for the outcomes of crypto
competitions and then adopt (and possibly adapt) winners or selected
finalists. We will do that with CAESAR once it eventually reaches its
conclusion.

However, in this instance, a group of authors came to CFRG with a specific
proposal. We polled for feedback on the wisdom of accepting the proposal.
There was not a strong consensus for doing so, with some people being
strongly opposed, and other people being in favour. Chairs were then
required to make a decision on what to do. We decided to adopt the draft.
Some people continue to disagree with our decision. That's understandable,
but it's not going to change the decision that we made.

People are perfectly at liberty to continue to complain, but we would very
much prefer if their energy was instead directed towards analysing the
draft and providing useful feedback to the authors.

Regards,

Kenny


>
>Aaron