Re: [CFRG] (I don't agree) Re: [Errata Held for Document Update] RFC8032 (5759)

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 15 February 2022 21:49 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Rene Struik <rstruik.ext@gmail.com>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Tue, 15 Feb 2022 21:49:41 +0000
Message-ID: <06FD621A-356B-46B1-AF52-E5A545623E3B@ll.mit.edu>
References: <dae8733b-7317-f82b-6f56-3b2e7980c759@gmail.com>
In-Reply-To: <dae8733b-7317-f82b-6f56-3b2e7980c759@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/taqFbEB-xPzpxBLOrLIKUBkvww0>

Respectfully disagree. IMHO, both IETF and IRTF documents should provide as much guidance on secure, efficient implementation of the algorithms they define as practically possible. After all, the target audience of these documents is supposed to be implementers.

Of course, this assumes that the authors do have a clue how to implement their algorithm securely and efficiently.

Regards,
Uri

> On Feb 15, 2022, at 15:56, Rene Struik <rstruik.ext@gmail.com> wrote:
> 
> slightly changed the subject header to facilitate tracking (my apologies for resend)
> 
>> On 2022-02-15 3:53 p.m., Rene Struik wrote:
>> Hi Stanislav:
>> 
>> I do not agree: work products of CFRG should try and avoid the tendency to try and be the ultimate implementation guidance as well (which we should have learned by now).
>> 
>> For CFRG to produce technically sound, well-written documents is hard enough. For it to also be a know-all on how to securely or efficiently implement things is a recipe for trouble (although it should of course not specify things that cannot reasonably be implemented securely).
>> 
>> In this case, while the formulae in RFC 8032 are clumsy, they are correct, and the relative merit of changing these (~1% efficiency gain) is insufficient to warrant time and effort (including effort to find knowledgeable people to review this, explain this to the people who were not in the room while changing this, etc.).
>> 
>> As I wrote in my email of Jan 31, 2022, 3.47pm EST:
>> In my mind, one of the lessons to be learned here is that it would be highly recommended to stop the recent practice of CFRG to produce drafts that are a curious mix of specification and implementation details (which makes these academic paper generators in the SCA space and, moreover, monolithic documents that are hard to maintain or, e.g., adapt to an instantiation with another hash function, say SHA-256).
>> 
>> Rene
>> 
>> 
>>> On 2022-02-15 12:42 a.m., RFC Errata System wrote:
>>> The following errata report has been held for document update
>>> for RFC8032, "Edwards-Curve Digital Signature Algorithm (EdDSA)".
>>> 
>>> --------------------------------------
>>> You may review the report below and at:
>>> https://www.rfc-editor.org/errata/eid5759
>>> 
>>> --------------------------------------
>>> Status: Held for Document Update
>>> Type: Technical
>>> 
>>> Reported by: Franck Rondepierre <franck.rondepierre@gmail.com>
>>> Date Reported: 2019-06-21
>>> Held by: Stanislav Smyshlyaev (IRSG)
>>> 
>>> Section: 5.2.
>>> 
>>> Original Text
>>> -------------
>>>     x = (u/v)^((p+1)/4) = u^3 v (u^5 v^3)^((p-3)/4)   (mod p)
>>> 
>>> Corrected Text
>>> --------------
>>>     x = (u/v)^((p+1)/4) = u (u v)^((p-3)/4)   (mod p)
>>> 
>>> Notes
>>> -----
>>>   --VERIFIER NOTES--
>>> The original text was correct (verified by Nick Sullivan).
>>> 01/28/2022: RFC Editor changed status to Reported per discussion with Stanislav V. Smyshlyaev.
>>> 02/15/2022: The status is changed to "Held for Document Update" by Stanislav Smyshlyaev. The proposed formulas are correct as well (for the specific case of the EdDSA parameters) and provide a slight efficiency gain.
>>> 
>>> --------------------------------------
>>> RFC8032 (draft-irtf-cfrg-eddsa-08)
>>> --------------------------------------
>>> Title               : Edwards-Curve Digital Signature Algorithm (EdDSA)
>>> Publication Date    : January 2017
>>> Author(s)           : S. Josefsson, I. Liusvaara
>>> Category            : INFORMATIONAL
>>> Source              : Crypto Forum Research Group
>>> Area                : N/A
>>> Stream              : IRTF
>>> Verifying Party     : IRSG
>>> 
>>> _______________________________________________
>>> CFRG mailing list
>>> CFRG@irtf.org
>>> https://www.irtf.org/mailman/listinfo/cfrg
>> 
>> 
> 
> -- 
> email: rstruik.ext@gmail.com | Skype: rstruik
> cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
> 
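The errata report quoted in this thread claims that both the RFC 8032 formula and the proposed replacement recover x from u/v for the EdDSA parameters. The following Python is an added example, not code from RFC 8032, the erratum, or anyone in the thread. It evaluates both expressions on the Ed448 field (p = 2^448 - 2^224 - 1, d = -39081, both taken from RFC 8032) for curve points constructed by walking x-coordinates, and checks every result against the decoding step's own acceptance test v x^2 = u (mod p). It goes slightly beyond the erratum's statement by also exposing the algebraic relation between the two formulas: the erratum's exponent on v is larger by (p-1)/2, so the two results differ by the factor v^((p-1)/2), which is 1 when v is a square and -1 otherwise; in the latter case the two values are the two square roots, and the sign-bit step that follows in RFC 8032 picks the same one either way. Function names and the point-construction helper are this example's own.

```python
# Added example (not from RFC 8032, erratum 5759, or the CFRG thread):
# compare the two x-recovery formulas of erratum 5759 on Ed448's field.

P = 2**448 - 2**224 - 1          # Ed448 prime (RFC 8032), p = 3 (mod 4)
D = (-39081) % P                 # Ed448 curve constant d (RFC 8032)
EXP_SQRT = (P + 1) // 4          # square-root exponent valid when p = 3 (mod 4)
EXP_BOTH = (P - 3) // 4          # exponent shared by the two formulas

assert P % 4 == 3                # the (p+1)/4 trick only applies here


def x_rfc8032(u, v):
    """RFC 8032 text: x = u^3 v (u^5 v^3)^((p-3)/4) mod p."""
    inner = pow(u, 5, P) * pow(v, 3, P) % P
    return pow(u, 3, P) * v * pow(inner, EXP_BOTH, P) % P


def x_erratum(u, v):
    """Erratum 5759 text: x = u (u v)^((p-3)/4) mod p."""
    return u * pow(u * v % P, EXP_BOTH, P) % P


def x_reference(u, v):
    """Direct evaluation of (u/v)^((p+1)/4) using a field inversion."""
    return pow(u * pow(v, P - 2, P) % P, EXP_SQRT, P)


def is_square(a):
    """Euler's criterion; returns False for 0."""
    return pow(a % P, (P - 1) // 2, P) == 1


def is_root_of_ratio(x, u, v):
    """Acceptance check from the RFC 8032 decoding step: v x^2 == u (mod p)."""
    return (v * x * x - u) % P == 0


def uv_from_y(y):
    """u = y^2 - 1 and v = d y^2 - 1, as in Ed448 point decoding."""
    return (y * y - 1) % P, (D * y * y - 1) % P


def curve_y_from_x(x):
    """Return some y with x^2 + y^2 = 1 + d x^2 y^2 (mod p), or None."""
    num = (1 - x * x) % P
    den = (1 - D * x * x) % P
    y2 = num * pow(den, P - 2, P) % P
    if not is_square(y2):
        return None
    y = pow(y2, EXP_SQRT, P)
    return y if y * y % P == y2 else None


def compare_on_curve_points(start_x, count):
    """Walk x = start_x, start_x + 1, ... (constructed inputs) until `count`
    curve points are found; report, per point, how the two formulas behave."""
    results = []
    x = start_x
    while len(results) < count:
        y = curve_y_from_x(x)
        x += 1
        if y is None:
            continue
        u, v = uv_from_y(y)
        a, b, ref = x_rfc8032(u, v), x_erratum(u, v), x_reference(u, v)
        results.append({
            "y": y,
            "rfc_valid": is_root_of_ratio(a, u, v),       # RFC formula passes v x^2 == u
            "erratum_valid": is_root_of_ratio(b, u, v),   # erratum formula passes too
            "rfc_matches_reference": a == ref,            # RFC formula == (u/v)^((p+1)/4)
            "agree": a == b,                              # identical outputs?
            "v_is_square": is_square(v),                  # the condition for agreement
            "differ_by_sign": b == (-a) % P,              # otherwise the other root
        })
    return results


if __name__ == "__main__":
    for r in compare_on_curve_points(2, 6):
        print({k: r[k] for k in r if k != "y"})
```

Running the block walks a handful of constructed Ed448 points; for each, both formulas satisfy v x^2 = u, the RFC formula coincides with the plain (u/v)^((p+1)/4) evaluation, and the two formulas are identical exactly when v is a square. The point-construction helper deliberately avoids the RFC's own decoding path so that the comparison does not assume the very formula being checked.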