Re: [Crypto-panel] Request for review: draft-irtf-cfrg-randomness-improvements
Russ Housley <housley@vigilsec.com> Sun, 15 March 2020 21:20 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B46683A1C7A for <crypto-panel@ietfa.amsl.com>; Sun, 15 Mar 2020 14:20:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qkcQtm6hTedV for <crypto-panel@ietfa.amsl.com>; Sun, 15 Mar 2020 14:20:14 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C7583A1C79 for <crypto-panel@irtf.org>; Sun, 15 Mar 2020 14:20:14 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 89DAF300B27 for <crypto-panel@irtf.org>; Sun, 15 Mar 2020 17:20:11 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Wo2eLK_EMOgW for <crypto-panel@irtf.org>; Sun, 15 Mar 2020 17:20:10 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 43DE1300A20 for <crypto-panel@irtf.org>; Sun, 15 Mar 2020 17:20:10 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Sun, 15 Mar 2020 17:20:11 -0400
References: <8290ee48-83f6-863c-c163-868251ea220b@isode.com> <8F8F5EC1-1F03-4FA0-82BB-780CF91B59B4@gmail.com> <MN2PR11MB393645204695482526854809C1E30@MN2PR11MB3936.namprd11.prod.outlook.com> <MN2PR11MB39363F0E8F6FA26950EBB926C1FE0@MN2PR11MB3936.namprd11.prod.outlook.com> <F4DC2B76-1590-4705-8C64-4762A77659E1@callas.org>
To: "crypto-panel@irtf.org" <crypto-panel@irtf.org>
In-Reply-To: <F4DC2B76-1590-4705-8C64-4762A77659E1@callas.org>
Message-Id: <346D9EEE-FD9D-4240-BCDE-DD06BC2ED24D@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/0vv0c04zZ2R2CSEuq6stCVUlLTw>
Subject: Re: [Crypto-panel] Request for review: draft-irtf-cfrg-randomness-improvements
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Mar 2020 21:20:16 -0000
Document: draft-irtf-cfrg-randomness-improvements-10 Reviewer: Russ Housley Review Date: 2020-03-15 The CFRG Chairs asked the Crypto Panel to review this document. I am providing one review. There may be others. Summary: A technique for improving the security of a random number generator is provided. Nice work, but some improvements in the document are desirable before publication as an Informational RFC. Major Concerns: Section 3 requires that "Sig MUST be a deterministic signature function". This is inconsistent with the third paragraph in Section 9. I think that any "good" signature algorithm with a "properly" generate private key should work out fine. So, please remove the requirement for a deterministic signature function. Section 4 says: "See Section 5 for example protocol information that can be used in the context of TLS 1.3." I did not find that in Section 5 or anywhere else. Section 9: Please inclue the rationale for this requirement that L >= n - L' for each value of tag2. Minor Concerns: Abstract: I think it is too long. I think the examples of broken random sources can be moved to the Introduction. Abstract and Intoduction: Why call out TLS? TLS, IPsec, S/MIME, PGP, and every other security protocol relies upon random numbers. Section 4: A real-time clock should be listed as a possible source for a portion of the tag2 value. Nits: I do not think the assignment of "Adv" to the adversary helps explain the goals. I think plain English is fine here. I suggest: Section 1: s/An adversary Adv with /An adversary with / Section 1: s/by adversary Adv,/by an adversary,/ Section 1: s/unknown to Adv./unknown to the adversary./ Suggestion: Appendix A of [SecAnalysis] required an implementation of the algorithm, with reasonable choices for all of the parameters. I think it would be useful to put that pseudo-code in an Appendix of this document along with a test vector.
- [Crypto-panel] Request for review: draft-irtf-cfr… Alexey Melnikov
- Re: [Crypto-panel] Request for review: draft-irtf… Russ Housley
- Re: [Crypto-panel] Request for review: draft-irtf… Karthikeyan Bhargavan
- Re: [Crypto-panel] Request for review: draft-irtf… Scott Fluhrer (sfluhrer)
- Re: [Crypto-panel] Request for review: draft-irtf… Scott Fluhrer (sfluhrer)
- Re: [Crypto-panel] Request for review: draft-irtf… Jon Callas
- Re: [Crypto-panel] Request for review: draft-irtf… Russ Housley