[CFRG] (I don't agree) Re: [Errata Held for Document Update] RFC8032 (5758)

Rene Struik <rstruik.ext@gmail.com> Tue, 15 February 2022 20:52 UTC

Message-ID: <b0bf3b9e-60f4-9b48-0a92-2aa8ef20999a@gmail.com>
Date: Tue, 15 Feb 2022 15:52:02 -0500
To: RFC Errata System <rfc-editor@rfc-editor.org>, franck.rondepierre@gmail.com, simon@josefsson.org, ilariliusvaara@welho.com
Cc: cfrg@irtf.org, irsg@irtf.org
References: <20220215054201.0427C4C1D0@rfc-editor.org>
From: Rene Struik <rstruik.ext@gmail.com>
In-Reply-To: <20220215054201.0427C4C1D0@rfc-editor.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/zG3c00gqEcAKj8v1LwEXRCtImw4>
Subject: [CFRG] (I don't agree) Re: [Errata Held for Document Update] RFC8032 (5758)

Hi Stanislav:

I do not agree: work products of CFRG should try and avoid the tendency 
to try and be the ultimate implementation guidance as well (which we 
should have learned by now).

For CFRG to produce technically sound, well-written documents is hard 
enough. For it to also be a know-all on how to securely or efficiently 
implement things is a recipe for trouble (although it should of course 
not specify things that cannot reasonably be implemented securely).

In this case, while the formulae in RFC 8032 are clumsy, these are 
correct, and the relative merit of changing these (~1% efficiency gain) 
is insufficient to warrant time and effort (including effort to find 
knowledgeable people to review this, explain this to people who were 
not in the room while changing this, etc.).

As I wrote in my email of Jan 31, 2022, 3.47pm EST:
In my mind, one of the lessons to be learned here is that it would be 
highly recommended to stop the recent practice of CFRG to produce drafts 
that are a curious mix of specification and implementation details 
(which makes these academic-paper generators in the SCA space and, 
moreover, monolithic documents that are hard to maintain or, e.g., adapt 
to an instantiation with another hash function, say SHA-256).

Rene

On 2022-02-15 12:42 a.m., RFC Errata System wrote:
> The following errata report has been held for document update
> for RFC8032, "Edwards-Curve Digital Signature Algorithm (EdDSA)".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid5758
>
> --------------------------------------
> Status: Held for Document Update
> Type: Technical
>
> Reported by: Franck Rondepierre <franck.rondepierre@gmail.com>
> Date Reported: 2019-06-21
> Held by: Stanislav Smyshlyaev (IRSG)
>
> Section: 5.1.
>
> Original Text
> -------------
>                            (p+3)/8      3        (p-5)/8
>                   x = (u/v)        = u v  (u v^7)         (mod p)
>
> Corrected Text
> --------------
>                            (p+3)/8          (p-5)/8
>                   x = (u/v)        = u (u v)         (mod p)
>
> Notes
> -----
>   --VERIFIER NOTES--
> The original text was correct (verified by Nick Sullivan).
> 01/28/2022: RFC Editor changed status to Reported per discussion with Stanislav V. Smyshlyaev.
> 02/15/2022: The status is changed to "Held for Document Update" by Stanislav Smyshlyaev. The proposed formulas are correct as well (for the specific case of the EdDSA parameters) and provide a slight efficiency gain.
>
> --------------------------------------
> RFC8032 (draft-irtf-cfrg-eddsa-08)
> --------------------------------------
> Title               : Edwards-Curve Digital Signature Algorithm (EdDSA)
> Publication Date    : January 2017
> Author(s)           : S. Josefsson, I. Liusvaara
> Category            : INFORMATIONAL
> Source              : Crypto Forum Research Group
> Area                : N/A
> Stream              : IRTF
> Verifying Party     : IRSG


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
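The two candidate-root formulae in the errata quoted above, run through the decoding check of RFC 8032 Section 5.1.3 for Ed25519 (p = 2^255 - 19, so p = 5 mod 8). This is an added example and not code from the RFC, the errata report or anyone in this thread; it assumes the Ed25519 constants from RFC 8032 Section 5.1 (d = -121665/121666, sqrt(-1) = 2^((p-1)/4), base point with y = 4/5), and the function names are its own. The point it demonstrates is why the verifier note can call both formulae correct "for the specific case of the EdDSA parameters": the proposed candidate u (u v)^((p-5)/8) equals the RFC's u v^3 (u v^7)^((p-5)/8) times v^((p-1)/4), which is a fourth root of unity, and the decoder's "v x^2 = u or v x^2 = -u, else fail" step already absorbs exactly that ambiguity. The saving is the v^3 and v^7 products next to a ~250-bit exponentiation, in line with the ~1% figure above.

```python
# Added example, not from RFC 8032 or the errata thread: compare the two
# x-recovery formulae from errata 5758 under the RFC 8032 section 5.1.3
# decoding check for Ed25519 (p = 2^255 - 19, so p = 5 mod 8).

P = 2**255 - 19
D = (-121665 * pow(121666, -1, P)) % P      # Ed25519 curve constant d
SQRT_M1 = pow(2, (P - 1) // 4, P)           # sqrt(-1) mod p (RFC 8032 5.1.3)

# Ed25519 base point from RFC 8032 section 5.1 (y = 4/5 mod p).
BASE_X = 15112221349535400772501151409588531511454012693041857206046113283949847762202
BASE_Y = 4 * pow(5, -1, P) % P


def candidate_rfc(u, v):
    """Original RFC 8032 text: x = u v^3 (u v^7)^((p-5)/8) mod p."""
    return u * pow(v, 3, P) * pow(u * pow(v, 7, P) % P, (P - 5) // 8, P) % P


def candidate_errata(u, v):
    """Errata 5758 proposal: x = u (u v)^((p-5)/8) mod p.

    Differs from candidate_rfc by the factor v^((p-1)/4), a fourth root of
    unity, so v*x^2 is still u times one of {1, -1, i, -i}; the caller's
    check in recover_x resolves exactly those cases.
    """
    return u * pow(u * v % P, (P - 5) // 8, P) % P


def recover_x(y, x_sign, candidate):
    """RFC 8032 5.1.3 steps 2-4 with the candidate-root formula pluggable.

    y is the decoded y-coordinate (assumed 0 <= y < p), x_sign the x_0 bit
    taken from the top bit of the 32-byte encoding.  Returns x, or None when
    decoding must fail (y not on the curve, or x = 0 with x_0 = 1).
    """
    u = (y * y - 1) % P
    v = (D * y * y + 1) % P
    x = candidate(u, v)
    if (v * x * x - u) % P == 0:
        pass                       # candidate is already a root of u/v
    elif (v * x * x + u) % P == 0:
        x = x * SQRT_M1 % P        # candidate was off by a factor sqrt(-1)
    else:
        return None                # u/v is not a square: no such point
    if x == 0 and x_sign == 1:
        return None
    if x % 2 != x_sign:
        x = P - x
    return x


def on_curve(x, y):
    """Check the twisted Edwards equation -x^2 + y^2 = 1 + d x^2 y^2 (mod p)."""
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0


def formulae_agree(ys):
    """True if both formulae give the same decode result for every y in ys."""
    return all(recover_x(y, s, candidate_rfc) == recover_x(y, s, candidate_errata)
               for y in ys for s in (0, 1))


if __name__ == "__main__":
    for name, cand in (("RFC 8032", candidate_rfc), ("errata 5758", candidate_errata)):
        x = recover_x(BASE_Y, 0, cand)
        print(f"{name}: x == BASE_X? {x == BASE_X}, on curve? {on_curve(x, BASE_Y)}")
    print("agree on y = 0..99:", formulae_agree(range(100)))
```

The comparison loop covers y values that are not on the curve as well, so it checks that the two formulae reject the same encodings, not only that they agree on valid points; that is the property an implementer swapping one for the other actually depends on.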