[Cfrg] CFRG Crypto Panel review: draft-krovetz-rc6-rc5-vectors-00

Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 24 March 2019 17:28 UTC

To: cfrg@irtf.org, Adrian Farrel <rfc-ise@rfc-editor.org>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <3a59c377-66c2-3411-eb69-962d6607e31d@gmail.com>
Date: Sun, 24 Mar 2019 19:28:21 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/wGxMVuo10GzhNW1rcpjNZiDmvCM>

Summary: this review was taken at the request of the ISE. He asked that we pick one of:

1) this is a good idea and should be taken by CFRG
2) this is a good idea and should be published in the Independent Stream
3) this is a good idea, but needs some fixes
4) this is not a good idea and should not be published.

I would pick #4, this is not a good idea. Formally, the document lists test vectors for algorithms that are not properly standardized. Pragmatically, I see no industry demand or need for these two algorithms to be standardized today.

Details:

- RC5 is not used by any Internet protocols, to the best of my knowledge, although it is specified for a few, e.g. ESP. It is defined by the old RFC 2040 (published back in 1996, when we still used to have 40-bit "export" keys, and cited by very few documents since).
- RFC 2040 actually does have test vectors.
- For some reason RFC 2040 is cited as an informative, not a normative reference for RC5.
- The I-D does not cite any standard as the authoritative reference for RC6 (a patent does not count, and Google does not find the cited normative reference). This seems to me a prerequisite before we can publish test vectors. The document refers to the algorithms' "specifications" and I fail to understand what this means, in the case of RC6. Wikipedia has a link to a paper on Ron Rivest's web page as their best authority. Academic papers on cryptographic protocols are not anywhere near a formal standard, as far as supporting implementors.
- The document makes security recommendations on how the algorithms should be used, by including recommended parameter sets. This is very good, but belongs in a normative specification of the algorithm rather than a document that lists test vectors.
- The first RC6 test vector uses a 32-bit key, and the second a 64-bit key, both of which are not acceptable nowadays. Similarly for RC5.
- Another test vector is missing the key, which I assume is a typo.