Re: [Crypto-panel] Request for review: draft-ribose-openpgp-oscca-01

Ronald Tse <tse@ribose.com> Wed, 29 November 2017 18:24 UTC

Return-Path: <tse@ribose.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B92D212896F for <crypto-panel@ietfa.amsl.com>; Wed, 29 Nov 2017 10:24:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ribose.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QPO_68KxAo3R for <crypto-panel@ietfa.amsl.com>; Wed, 29 Nov 2017 10:24:36 -0800 (PST)
Received: from APC01-PU1-obe.outbound.protection.outlook.com (mail-pu1apc01on0055.outbound.protection.outlook.com [104.47.126.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01754128961 for <crypto-panel@irtf.org>; Wed, 29 Nov 2017 10:24:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ribose.onmicrosoft.com; s=selector1-ribose-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Ypx0rvJi6pSdOQqAf/zDwg23KIBHN601Y0wPfxwjdus=; b=qmWId0TsUwxn+luZOJgvyp45luO9u3M+4Zmy9pzGfhir7tbFyHETSECzzfTr1atcw0zWvKucEp7L6b88n55yaPsT1+yzc9FOASHg0bvt9mdDTNWfibsAHVj7fxSoChOiUrmPgE1QWT5MgKZKqhCiNE6jh0IQ5Bu2hvweVUzoJUQ=
Received: from PS1PR01MB1050.apcprd01.prod.exchangelabs.com (10.165.210.30) by PS1PR01MB1051.apcprd01.prod.exchangelabs.com (10.165.211.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Wed, 29 Nov 2017 18:24:30 +0000
Received: from PS1PR01MB1050.apcprd01.prod.exchangelabs.com ([fe80::7990:d65:5722:9b79]) by PS1PR01MB1050.apcprd01.prod.exchangelabs.com ([fe80::7990:d65:5722:9b79%13]) with mapi id 15.20.0282.006; Wed, 29 Nov 2017 18:24:30 +0000
From: Ronald Tse <tse@ribose.com>
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
CC: Alexey Melnikov <alexey.melnikov@isode.com>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>, Nancy Cam-Winget <ncamwing@cisco.com>, "draft-ribose-openpgp-oscca.authors@ietf.org" <draft-ribose-openpgp-oscca.authors@ietf.org>, Tim Polk <tim.polk@nist.gov>
Thread-Topic: [Crypto-panel] Request for review: draft-ribose-openpgp-oscca-01
Thread-Index: AQHTaFGk9+I6QWZrjkm2FNPI8aRJY6Mp6JeAgAAHKYCAAAW+AIAABcIAgAFepwCAAFQLAA==
Date: Wed, 29 Nov 2017 18:24:30 +0000
Message-ID: <23B65052-E3DC-4553-B729-BE1CE0899C62@ribose.com>
References: <56db317a-07ad-0ad4-b1d1-31f12283115e@isode.com> <CAMr0u6nk5xo18Y93uWXKvXsbKX8o7pVx-MWrumvQnkYERPgbpw@mail.gmail.com> <E6993497-43A6-4CB2-866E-D5AF55E1D168@ribose.com> <CAMr0u6kk4HDKUKJqt3WPjO3jX+B4BoiidTQvdr7k7TLDqcG0-A@mail.gmail.com> <087A0995-B344-4CBE-B300-D2431F1E5552@ribose.com> <CAMr0u6kCzMeZgLALSoWxggMH6A=ou9U05umFLHGvT6MLdeSwng@mail.gmail.com>
In-Reply-To: <CAMr0u6kCzMeZgLALSoWxggMH6A=ou9U05umFLHGvT6MLdeSwng@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=tse@ribose.com;
x-originating-ip: [220.246.174.191]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; PS1PR01MB1051; 6:LcetK3d2GVpy4wzjLVXaIz3YYBKasdHx3Dnvx1LCId620nDwyjHjkWyw3A1o8AK9zLGnvb5oBXNq2vAzhEBoLXpRNvKGMUWaBwVcCVHAgzO/Ag/1nWmt8nQVFost7TG3fSJOsfxck6FSPpj5IMEj+2K+bN5ivYIHjUFE2K8OPngsHxFX0u/zJwQfBbnCwPgqVq6KtbdE1s0RAAxQbI1hlrWSJBx6TKT9PSIu0oPLkBnoXpBCsFkJA5u1nS4T01VrodboKw3yqoOZOSYyBxiO28g52N2SFTDTvRaUyBWmokh1hrexD0rqWNY3XhGm/TpIgHioZocriw3Q903T4lVLMA22QEt1UDlYu5fUcv7UoVE=; 5:nLWtJ2H3/rQ9/FzuMxI777VQF5xqcIZCApRvFVCmlY+11v+9Uytsrn50p0SENRddqzhIv7u+YbCrjM4cyHiR99QZK3HTUsgP8rOvGCChl7IuzVYDGiW2kytuFx4tZkBEHsqJ1JOnauCPtSR2fQl1o7/3CxUz6iXHn8xF6UIFcxY=; 24:yne1SBlX2gWbb5ELs1MNipMkYRGr4t5DqVDMwEf/rBbMkRZANeBApi2HBVSaKyec81JG4mz8KkXBxedrW8+spVmxO7KuVIiJ/skX02szmJU=; 7:oJ5RjM3lQg7RnU9LVuni8zxQ89+cxuv7xeQveBE73XMS9ZVo4hB337aJk4ctCRv/CGPq2dzShy6JfTdcrpjngyg2W0xE8GmxO5oyjbY0Y24UAl8O+l2q3U5s8/I0Ba29WHu/BR3TbcGp5arlfaz9VRT55fQaa0cFXsezVaEFcdUwIvYAybnjVTLnAzEtau5s0nzJ7akWP1iH7kEWvVLxFKLcuFmM9qlmW7NaY2blXeUkgnMwbukVgm1aCZR+JsGk
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 3871337a-2b27-44aa-e7a6-08d537566e96
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4603075)(4627115)(201702281549075)(5600026)(4604075)(2017052603274)(49563074); SRVR:PS1PR01MB1051;
x-ms-traffictypediagnostic: PS1PR01MB1051:
x-microsoft-antispam-prvs: <PS1PR01MB10511CC3640B01A202C46448D73B0@PS1PR01MB1051.apcprd01.prod.exchangelabs.com>
x-exchange-antispam-report-test: UriScan:(120809045254105)(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415395)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(3231022)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(2016111802025)(20161123558100)(20161123560025)(20161123555025)(20161123562025)(20161123564025)(6072148)(6043046)(201708071742011); SRVR:PS1PR01MB1051; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:PS1PR01MB1051;
x-forefront-prvs: 05066DEDBB
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(39830400002)(376002)(366004)(199003)(189002)(377424004)(24454002)(45984002)(129404003)(82746002)(2906002)(7736002)(8656006)(6436002)(4326008)(606006)(3846002)(8676002)(3280700002)(230783001)(101416001)(3660700001)(4001150100001)(36756003)(6116002)(86362001)(1411001)(6486002)(83716003)(54906003)(6506006)(81166006)(102836003)(81156014)(99286004)(5250100002)(316002)(345774005)(105586002)(106356001)(33656002)(53546010)(93886005)(2900100001)(6246003)(68736007)(5660300001)(97736004)(99936001)(478600001)(6916009)(236005)(53936002)(2950100002)(189998001)(966005)(25786009)(39060400002)(14454004)(229853002)(8936002)(6306002)(54896002)(6512007)(66066001); DIR:OUT; SFP:1101; SCL:1; SRVR:PS1PR01MB1051; H:PS1PR01MB1050.apcprd01.prod.exchangelabs.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: ribose.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: pvf7rIhkzFwj/rJqYBmgl0crcVio8mzyuqD1r1IKXL3PZwBPi4VIpBHb1nRzwK1V8DijQ96glShnCdGKlMaUqg==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; boundary="Apple-Mail=_4083E44F-562F-4538-89E7-24B6CE458600"; protocol="application/pgp-signature"; micalg=pgp-sha256
MIME-Version: 1.0
X-OriginatorOrg: ribose.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3871337a-2b27-44aa-e7a6-08d537566e96
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Nov 2017 18:24:30.2547 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d98a04ff-ef98-489b-b33c-13c23a2e091a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PS1PR01MB1051
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/2ncrUMoxFv1zYf4UzWQv4j8iF1I>
Subject: Re: [Crypto-panel] Request for review: draft-ribose-openpgp-oscca-01
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 18:24:40 -0000

Hi Stanislav,

Fully understand. Thank you again for your help!

Ron

_____________________________________

Ronald Tse
Ribose Inc.

+=========================================================+
This message may contain confidential and/or privileged
information.  If you are not the addressee or authorized to
receive this for the addressee, you must not use, copy,
disclose or take any action based on this message or any
information herein.  If you have received this message in
error, please advise the sender immediately by reply e-mail
and delete this message.  Thank you for your cooperation.
+=========================================================+

> On Nov 29, 2017, at 9:23 PM, Stanislav V. Smyshlyaev <smyshsv@gmail.com> wrote:
> 
> Dear Ronald,
> 
> Thank you very much for the links!
> The review is conducted by Crypto Review Panel, thus the analysis is being done more from the cryptographic perspective, and the current state of the analysis of the proposed mechanisms is taken into account.
> 
> Best regards,
> Stanislav
> 
> 
> 2017-11-28 19:28 GMT+03:00 Ronald Tse <tse@ribose.com <mailto:tse@ribose.com>>:
> Dear Stanislav,
> 
> You are absolutely right. Here are the IETF drafts of SM2, SM3 and SM4 (they are referred to within this draft, too):
> 
> SM2: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 <https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02>
> SM3: https://tools.ietf.org/html/draft-oscca-cfrg-sm3-02 <https://tools.ietf.org/html/draft-oscca-cfrg-sm3-02>
> SM4: https://tools.ietf.org/html/draft-ribose-cfrg-sm4-05 <https://tools.ietf.org/html/draft-ribose-cfrg-sm4-05>
> 
> The SM3 and SM4 drafts contain both a design rationale and a cryptanalysis section. Specifically, the cryptanalysis section contain bibliography references with links to research publications of the latest cryptanalysis results (English + Chinese). Most of these results are freely available in English (Google Scholar).
> 
> As a matter of fact, we are currently updating the SM2 draft to provide the same level of detail as the other two.
> 
> I’d just like to clarify that the current review is purely on the OpenPGP side of things. That said, we have previously requested a CFRG review of the SM4 draft too, so if you have some time to review that draft, it would be even more awesome :-)
> 
> Hope this helps!
> 
> Kind regards,
> Ron
> 
> _____________________________________
> 
> Ronald Tse
> Ribose Inc.
> 
>> On Nov 29, 2017, at 12:08 AM, Stanislav V. Smyshlyaev <smyshsv@gmail.com <mailto:smyshsv@gmail.com>> wrote:
>> 
>> Dear Ronald,
>> 
>> Since the document is dedicated to the algorithms and elliptic curve parameters, it would be very helpful if you could point at papers with their analysis in English, if some of them are not publicly available (or could not be easily found via public resources). Also, it will be extremely important if you could provide some materials with design rationale of the algorithms and parameters presented in the I-D.
>> 
>> Of course, full cryptanalysis from a scratch is impossible to be made as a part of review, so all known results/attacks/notes on design rationale/results of evaluation of curve parameters will be very important for making the review(s) as objective as possible.
>> 
>> Best regards,
>> Stanislav Smyshlyaev, Ph.D.
>> Head of Information Security Department,
>> CryptoPro LLC
>> 
>> 
>> 
>> 2017-11-28 18:47 GMT+03:00 Ronald Tse <tse@ribose.com <mailto:tse@ribose.com>>:
>> Dear Stanislav,
>> 
>> Thank you very much for performing the review. Look forward to it!
>> 
>> Kind regards,
>> Ron
>> 
>> _____________________________________
>> 
>> Ronald Tse
>> Ribose Inc.
>> 
>>> On Nov 28, 2017, at 11:21 PM, Stanislav V. Smyshlyaev <smyshsv@gmail.com <mailto:smyshsv@gmail.com>> wrote:
>>> 
>>> Dear Alexey,
>>> 
>>> I'll be happy to do this.
>>> 
>>> Will it be OK, if I provide a review by the 20th of December?
>>> 
>>> Best regards,
>>> 
>>> Stanislav
>>> 
>>> 
>>> 
>>> 2017-11-28 17:02 GMT+03:00 Alexey Melnikov <alexey.melnikov@isode.com <mailto:alexey.melnikov@isode.com>>:
>>> Dear Crypto Panel,
>>> 
>>> SAAG’s SECDISPATCH chairs have requested review of
>>> <https://datatracker.ietf.org/doc/draft-ribose-openpgp-oscca/ <https://datatracker.ietf.org/doc/draft-ribose-openpgp-oscca/>>
>>> before the document fate will be decided (it is likely to end up in the CURDLE WG).
>>> 
>>> Can we have some volunteer(s) please?
>>> 
>>> The draft Abstract is:
>>> 
>>>    This document enables OpenPGP (RFC4880) usage in an compliant manner
>>>    with OSCCA (Office of State Commercial Cipher Administration)
>>>    regulations for use within China.
>>> 
>>>    Specifically, it extends OpenPGP to support the usage of SM2, SM3 and
>>>    SM4 algorithms, and provides the OSCCA-compliant OpenPGP profile
>>>    "OSCCA-SM234".
>>> 
>>> 
>>> Thank you,
>>> Alexey
>>> 
>>> _______________________________________________
>>> Crypto-panel mailing list
>>> Crypto-panel@irtf.org <mailto:Crypto-panel@irtf.org>
>>> https://www.irtf.org/mailman/listinfo/crypto-panel <https://www.irtf.org/mailman/listinfo/crypto-panel>
>>> 
>> 
>> 
> 
>