Re: [Cfrg] [irsg] IRSG review of draft-irtf-cfrg-ocb

Stephen Farrell, Mon, 13 January 2014 23:35 UTC

To: David McGrew, "Eggert, Lars", Kevin Fall
Cc: Börje Ohlman

Hi David,

On 01/13/2014 07:48 PM, David McGrew wrote:
> So you don't need to look for it: the ticket for draft-irtf-cfrg-ocb
> Stephen, thanks for offering to do the review.

No problem. My review below. My points are all nits. This is

- I think s/privacy/confidentiality/g would be a good change.
Privacy involves more than confidentiality and crypto only
provides the latter. But this draft is by no means the only
sinner in this respect.

- "As with most modes of operation, security degrades in the
square of the number of blocks of texts divided by two to the
blocklength." That could do with a reference or being expanded a
bit. The CFRG reader should be ok with it but if/when OCB gets
some IETF adoption, or when this is read by less crypto-aware
folk, that will be too terse I think. (The same point is made in
the security considerations more clearly so maybe could be
deleted from the earlier section. But maybe it's now in twice
because of someone else's comment;-)

- I didn't check the algorithm description nor examples in
detail as IRSG review assumes the RG did that.

Process crapology below. CFRG can ignore.

- Section 6 - It's normal to actually ask IANA to do stuff so
they know what to do when reviewing the draft. And then the text
is changed by the RFC editor to say that IANA has added etc. No
big deal because they'll figure it out.

- Not related to this draft: RFC 5116 says AEAD registrations
SHOULD be reviewed by CFRG. What if CFRG ceases to exist? Be no
harm to sometime say who'd inherit that role maybe. I guess if
the IRTF don't say, and if/when CFRG passes away, then IANA will
ask the IAB/IRSG/IESG probably and there'll be a minor fuss when
someone gets the wrong end of the stick. That's one for Lars
really - what should happen in general with IANA registries
depending on expired RGs for review? (My take - IRTF chair
appoints an expert reviewer or two when killing an RG with
registries and use IRSG list for discussion of requests until
that gets to be a PITA. But before Lars asks, no, I won't
write a draft describing that just now:-)

- I note that the IETF tools page doesn't list the IPR for this
but does for draft-krovetz-ocb. The datatracker page does show
the IPR correctly. I thought that had been fixed since the
replaced-by stuff seems right here. Ah well.