Re: [Cfrg] I-D Action: draft-irtf-cfrg-chacha20-poly1305-06.txt

Yoav Nir <ynir.ietf@gmail.com> Thu, 15 January 2015 10:49 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <54B775C8.9070802@akr.io>
Date: Thu, 15 Jan 2015 12:49:42 +0200
Message-Id: <D1F75AFE-D628-4209-90F1-29ECBF7751D5@gmail.com>
References: <20150114143413.12276.29693.idtracker@ietfa.amsl.com> <0ED4D299-2CCC-4427-A52C-2F7BDD4634EE@akr.io> <7FB23519-5635-46AA-AFB7-C4D8A4210AF1@gmail.com> <CAGvU-a7x6SaeCiqX5DtKeDhLTTmc8fF9j56V+5J6UOVYEE5LZg@mail.gmail.com> <54B775C8.9070802@akr.io>
To: Alyssa Rowan <akr@akr.io>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/rFgx3Q5cxsW8I9jNhVkJ92plIaM>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-chacha20-poly1305-06.txt

> On Jan 15, 2015, at 10:09 AM, Alyssa Rowan <akr@akr.io> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On 14/01/2015 16:06, Yoav Nir wrote:
> 
>>> ..."in constant time", perhaps we should add there, in case 
>>> someone gets some bright ideas with plain vanilla memcmp() from 
>>> that paragraph? Just a thought.
>> Does it matter?
> 
> Possibly not, as you say; but caution definitely can't hurt here.

I’m guessing anyone who is implementing a security algorithm or security protocol already has a constant-time variation of memcmp (and if they don’t, they really really should). So a reminder to use this API instead of that API is not such an onerous requirement.

>> OK. Submitted
> 
> Thanks very much.
> 
> - -- 
> /akr
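The point under discussion, a tag comparison that does not leak timing, as an added example written for this archive page; it is not code from the draft, from Yoav Nir or from Alyssa Rowan. It places the plain `memcmp()` form the thread warns about beside a constant-time equivalent and checks a 16-byte Poly1305-sized tag. The function names, the 16-byte `sample_tag` and the `demo_*` helpers are constructed for the example and are not test vectors from the draft.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POLY1305_TAG_LEN 16  /* Poly1305 produces a 16-byte authentication tag */

/* The pattern the thread warns against: memcmp() is allowed to return as
 * soon as it sees the first differing byte, so its running time depends on
 * how many leading bytes of the received tag happen to be right.
 * Kept here only for contrast with the constant-time version below. */
static int tag_verify_with_memcmp(const uint8_t expected[POLY1305_TAG_LEN],
                                  const uint8_t received[POLY1305_TAG_LEN])
{
    return memcmp(expected, received, POLY1305_TAG_LEN) == 0;
}

/* Constant-time equality: every byte is visited and the XOR differences are
 * OR-ed together, so neither the loop count nor any branch depends on the
 * tag contents. Returns 1 if the buffers are equal, 0 otherwise. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t diff = 0;
    size_t i;
    for (i = 0; i < len; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* Map diff == 0 to 1 and any non-zero diff to 0 without a data-dependent
     * branch: (diff - 1) only borrows into the high bits when diff is zero. */
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);
}

/* The check a receiver should run on an incoming tag before trusting the
 * ciphertext: a single constant-time comparison over the whole tag. */
static int tag_verify_constant_time(const uint8_t expected[POLY1305_TAG_LEN],
                                    const uint8_t received[POLY1305_TAG_LEN])
{
    return ct_equal(expected, received, POLY1305_TAG_LEN);
}

/* Constructed sample tag (an arbitrary byte pattern, not a real Poly1305
 * output) shared by the demo helpers and the stand-alone main() below. */
static const uint8_t sample_tag[POLY1305_TAG_LEN] = {
    0x5a, 0x13, 0xc4, 0x77, 0x09, 0xe2, 0xb8, 0x3f,
    0x61, 0xd0, 0x2e, 0x9c, 0x44, 0xab, 0x17, 0xf5
};

/* Verifies an untouched copy of the sample tag; expected result is 1. */
static int demo_matching_tag(void)
{
    uint8_t received[POLY1305_TAG_LEN];
    memcpy(received, sample_tag, POLY1305_TAG_LEN);
    return tag_verify_constant_time(sample_tag, received);
}

/* Flips one bit in the last byte only; expected result is 0. This is the
 * case where an early-exit compare would take longest to reject the tag,
 * which is exactly the signal a constant-time compare removes. */
static int demo_tampered_last_byte(void)
{
    uint8_t received[POLY1305_TAG_LEN];
    memcpy(received, sample_tag, POLY1305_TAG_LEN);
    received[POLY1305_TAG_LEN - 1] ^= 0x01;
    return tag_verify_constant_time(sample_tag, received);
}

int main(void)
{
    printf("matching tag verifies:        %d\n", demo_matching_tag());
    printf("tampered tag verifies:        %d\n", demo_tampered_last_byte());
    printf("memcmp agrees on equal input: %d\n",
           tag_verify_with_memcmp(sample_tag, sample_tag));
    return 0;
}
```

Both functions return the same answers; the difference is only in how long they take to produce a rejection, which is why the thread treats "compare in constant time" as a reminder about which API to call rather than a change to the algorithm.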