Re: [Cfrg] CFRG Review Panel - Draft Charter

"Paterson, Kenny" <> Wed, 11 May 2016 14:11 UTC

From: "Paterson, Kenny" <>
To: Aaron Zauner <>, Yoav Nir <>
Date: Wed, 11 May 2016 14:10:54 +0000
Cc: "" <>
Subject: Re: [Cfrg] CFRG Review Panel - Draft Charter


On 11/05/2016 06:58, "Cfrg on behalf of Aaron Zauner"
< on behalf of> wrote:

>> On 11 May 2016, at 03:14, Yoav Nir <> wrote:
>> But nonce reuse doesn’t happen in many of our favorite protocols: SSH,
>> TLS, IPsec, S/Mime, so AES-GCM-SIV is not a good algorithm for any of
>> those, or at least no better than regular AES-GCM. I’d like a review to
>> tell what kind of protocols or use cases might benefit from an algorithm
>> with this property, such as multicast IPsec with multiple senders or
>> group unicast IPsec such as Cisco’s GET-VPN.
> Full disclosure, since this is somewhat public by now anyways: It does
> happen in TLS. The chairs received an abstract on a soon-to-be published
> paper in the matter late yesterday as did Stephen Farrell (as you're
> aware you're not affected :)). One of the chairs has a full working
> copy/author version including PoC code for our attack.
> To that extent may I ask the following question: with proposals like
> AES-GCM-SIV, should I press cryptographers that initially submitted to
> CAESAR to submit drafts to CFRG, fill up everyone's pipeline and get CFRG
> into deadlock?
> How do we deal with that problem? How's CFRG better/different for IETF
> than a proper crypto competition (even if some take ages, or seem to be a
> never-ending story)?

Chairs' general preference is to wait for the outcomes of crypto
competitions and then adopt (and possibly adapt) winners or selected
finalists. We will do that with CAESAR once it eventually reaches its

However, in this instance, a group of authors came to CFRG with a specific
proposal. We polled for feedback on the wisdom of accepting the proposal.
There was not a strong consensus for doing so, with some people being
strongly opposed, and other people being in favour. Chairs were then
required to make a decision on what to do. We decided to adopt the draft.
Some people continue to disagree with our decision. That's understandable,
but it's not going to change the decision that we made.

People are perfectly at liberty to continue to complain, but we would very
much prefer if their energy was instead directed towards analysing the
draft and providing useful feedback to the authors.