[Cfrg] What is the standard we are going to apply?

Watson Ladd <watsonbladd@gmail.com> Mon, 23 December 2013 17:00 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25E121AE1B3 for <cfrg@ietfa.amsl.com>; Mon, 23 Dec 2013 09:00:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.499
X-Spam-Level:
X-Spam-Status: No, score=0.499 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, J_CHICKENPOX_54=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yKhle8rk3s3W for <cfrg@ietfa.amsl.com>; Mon, 23 Dec 2013 09:00:54 -0800 (PST)
Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) by ietfa.amsl.com (Postfix) with ESMTP id C283D1ADF6E for <cfrg@irtf.org>; Mon, 23 Dec 2013 09:00:53 -0800 (PST)
Received: by mail-wi0-f177.google.com with SMTP id cc10so6429301wib.10 for <cfrg@irtf.org>; Mon, 23 Dec 2013 09:00:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=EHa2fI4fEKn08oi99tOEit7cjsIq9Kwldxw+D8PM+jE=; b=mVIrN+TUGuIkH5Oq3BwX6GlBTAz66j2PMvDSreL2WzSv1F7IVDKqqSbASFTVHafzJs 5p/QwHw6UQ6Xi4khGlYW58lVk+7DaByROo2/c2Wl/Ulgz98WvBWQOTPTvvLkl3sPvlz6 PYHI/5wanNeVeSb0VWbXdQgzbjb2ia0hm6UynWm6qAaEi3sZgyd+i1ZSd2jMQoviPnPU nZ6Qq0SockbaW7QqLJWI+AlCXLsrebQSxhkAHQhCguTQArYZtIV9XKp9SN3WI6ADmDa7 5iwyrWUSjSKT98oKrTCQaKvHjA+6Cqn8Fjf+sSqom4nemXo8/HkuhrzA39pCTLyGvVbA A8/g==
MIME-Version: 1.0
X-Received: by 10.180.13.242 with SMTP id k18mr19365945wic.44.1387818049872; Mon, 23 Dec 2013 09:00:49 -0800 (PST)
Received: by 10.194.242.131 with HTTP; Mon, 23 Dec 2013 09:00:49 -0800 (PST)
Date: Mon, 23 Dec 2013 09:00:49 -0800
Message-ID: <CACsn0ckyKisPzbVyQDkH-iR2rEwZvtojFpxx+sm=-Y3so7hFTg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: text/plain; charset=UTF-8
Subject: [Cfrg] What is the standard we are going to apply?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Dec 2013 17:00:55 -0000

This is a different but related issue to that of the removal of Kevin.
Simply put, when an IETF WG hands us a protocol to evaluate will we
a) demand a reduction in the ROM
b) demand a tight reduction in the ROM
c) demand a tight reduction in the standard model+some signatures
d) demand a reduction in the standard model+signatures
e) demand ProVerif verification
f) say "it looks good to us".

I vote for one of a-d, and e if applicable. f appears to be the
historic standard and
has resulted in a litany of failures, from TLS cipher combinations
that have side-channel
attacks and worse, to IPsec catastrophically failing in certain configurations.

Cryptography is subject to the twelve networking truths, and to a
rephrasing of one of them
"certain truths in cryptography are only apparent to mathematicians".
As a result I feel the
CFRG should take a more proactive stance on being "the crypto people"
at the IETF/IRTF, and should use this position to promote stronger
cryptography with better guarantees than what
has existed so far in the IETF.

After the work of Kenneth Patterson it is clear that those of us who
are cryptographers absolutely need to participate in the standards
process with an aim of ensuring that the most important cryptosystems
in the world are secure. Let's treat TLS like millions of dollars,
billions of confidential emails, and tons of confidential information
are entrusted to it daily, because
that is how it is used.

Sincerely,
Watson Ladd