[Crypto-panel] Re: Request for review: Usage Limits on AEAD Algorithms

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Mon, 05 August 2024 06:06 UTC

From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Mon, 05 Aug 2024 09:06:43 +0300
Message-ID: <CAMr0u6mK-1xdQ=U6_yLwF7=EOVvqMon5os_kP8HwdSLoP4W3=Q@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
CC: Thomas Pornin <thomas.pornin@nccgroup.com>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>, "draft-irtf-cfrg-aead-limits@ietf.org" <draft-irtf-cfrg-aead-limits@ietf.org>
Subject: [Crypto-panel] Re: Request for review: Usage Limits on AEAD Algorithms
List-Id: Crypto Review Panel review coordination <crypto-panel.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/4pjGkqCMHOaRF0QqGmoaEDFSBZA>

Hi Martin,

>> Stanislav, we can get you a fresh revision if you think this is ready to push.
Yes, that would be great – the updates look good to me.
After you do that and we understand that the concerns are addressed in the
updated version, I'll be happy to start the RGLC immediately.

Thomas, could you please look at the updated version and confirm (or not)
that you are happy with the changes?

Regards,
Stanislav

On Mon, Aug 5, 2024 at 3:21 AM Martin Thomson <mt@lowentropy.net> wrote:

> Hey,
>
> Felix went through and addressed these comments.  They were, as I
> suspected, quite straightforward.
>
> Thanks again Thomas.
>
> Stanislav, we can get you a fresh revision if you think this is ready to
> push.  Let me know.  (I'll assume you want a revision unless I hear
> otherwise.)
>
> Cheers,
> Martin
>
> On Thu, Aug 1, 2024, at 11:55, Martin Thomson wrote:
> > Thanks for this.  Just from skimming through it seems like this is all
> > very useful feedback that should be fairly straightforward to address
> > on the whole.
> >
> > I've dumped this all on an issue, so we don't lose it, but we'll
> > probably come at it piecewise.
> >
> > https://github.com/cfrg/draft-irtf-cfrg-aead-limits/issues/67
> >
> > We'll post to the list (and cc you) if there are questions that come up.
> >
> > On Thu, Aug 1, 2024, at 00:26, Thomas Pornin wrote:
> >> Oops, looks like I had forgotten it. Sorry.
> >>
> >> Here is my review. Overall, the document is a nice endeavour; since the
> >> focus is on IETF protocols, it might be worth giving a few more
> >> applied examples? The tables in the document give the number of 1500-byte
> >> messages (“a common Internet MTU”) which would conceptually apply to
> >> something like IPsec, though less so for e.g. SSH or TLS, which have
> >> larger “records”. I also have some misgivings on the advice in section
> >> 7 which amounts to, basically, ignoring in implementations the limits
> >> that the rest of the document takes pains to define; as a “security
> >> consideration”, it does not seem conducive to security.
> >>
> >> Thomas
> >>
> >> *From: *Stanislav V. Smyshlyaev <smyshsv@gmail.com>
> >> *Date: *Wednesday, June 12, 2024 at 12:07
> >> *To: *Thomas Pornin <thomas.pornin@nccgroup.com>
> >> *Cc: *cfrg-chairs@ietf.org <cfrg-chairs@ietf.org>,
> >> crypto-panel@irtf.org <crypto-panel@irtf.org>,
> >> draft-irtf-cfrg-aead-limits@ietf.org
> >> <draft-irtf-cfrg-aead-limits@ietf.org>
> >> *Subject: *Re: [Crypto-panel] Request for review: Usage Limits on AEAD
> >> Algorithms
> >> Thank you so much, Thomas!
> >>
> >> Regards,
> >> Stanislav
> >>
> >> On Wed, 12 Jun 2024 at 19:04, Thomas Pornin <thomas.pornin@nccgroup.com> wrote:
> >>> I can make a review (by mid-July, possibly much sooner).
> >>>
> >>> Thomas
> >>>
> >>> *From: *Stanislav V. Smyshlyaev <smyshsv@gmail.com>
> >>> *Date: *Tuesday, June 11, 2024 at 03:30
> >>> *To: *crypto-panel@irtf.org <crypto-panel@irtf.org>
> >>> *Cc: *cfrg-chairs@ietf.org <cfrg-chairs@ietf.org>,
> >>> draft-irtf-cfrg-aead-limits@ietf.org <draft-irtf-cfrg-aead-limits@ietf.org>
> >>> *Subject: *[Crypto-panel] Request for review: Usage Limits on AEAD Algorithms
> >>> Dear Crypto Panel experts,
> >>>
> >>> The chairs would like to ask the Crypto Panel to provide a review for
> >>> the current version (-08) of the "Usage Limits on AEAD Algorithms" draft,
> >>> draft-irtf-cfrg-aead-limits-08
> >>> (https://www.ietf.org/archive/id/draft-irtf-cfrg-aead-limits-08.html)
> >>>
> >>> Volunteers?
> >>>
> >>> Stanislav (on behalf of the CFRG Chairs)
> >> Attachments:
> >> * review-draft-irtf-cfrg-aead-limits-08.txt
>