[Crypto-panel] Re: Request for review: Usage Limits on AEAD Algorithms

Martin Thomson <mt@lowentropy.net> Thu, 01 August 2024 01:55 UTC

Date: Thu, 01 Aug 2024 11:55:24 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Thomas Pornin <thomas.pornin@nccgroup.com>, "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
CC: "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>, "draft-irtf-cfrg-aead-limits@ietf.org" <draft-irtf-cfrg-aead-limits@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/97ovF3mLCyIj_atFYPq3XElIflE>

Thanks for this.  Just from skimming through it seems like this is all very useful feedback that should be fairly straightforward to address on the whole.

I've dumped this all on an issue, so we don't lose it, but we'll probably come at it piecewise.

https://github.com/cfrg/draft-irtf-cfrg-aead-limits/issues/67

We'll post to the list (and cc you) if there are questions that come up.

On Thu, Aug 1, 2024, at 00:26, Thomas Pornin wrote:
> Oops, looks like I had forgotten it. Sorry.
> 
> Here is my review. Overall, the document is a nice endeavour; since the 
> focus is on IETF protocols, it might be worth giving a few more 
> applied examples? The tables in the document give the number of 1500-byte 
> messages (“a common Internet MTU”) which would conceptually apply to 
> something like IPsec, though less so for e.g. SSH or TLS, which have 
> larger “records”. I also have some misgivings on the advice in section 
> 7 which amounts to, basically, ignoring in implementations the limits 
> that the rest of the document takes pains to define; as a “security 
> consideration”, it does not seem conducive to security.
> 
> Thomas
> 
> *From: *Stanislav V. Smyshlyaev <smyshsv@gmail.com>
> *Date: *Wednesday, June 12, 2024 at 12:07
> *To: *Thomas Pornin <thomas.pornin@nccgroup.com>
> *Cc: *cfrg-chairs@ietf.org <cfrg-chairs@ietf.org>, 
> crypto-panel@irtf.org <crypto-panel@irtf.org>, 
> draft-irtf-cfrg-aead-limits@ietf.org 
> <draft-irtf-cfrg-aead-limits@ietf.org>
> *Subject: *Re: [Crypto-panel] Request for review: Usage Limits on AEAD 
> Algorithms
> Thank you so much, Thomas!
> 
> Regards,
> Stanislav
> 
> On Wed, 12 Jun 2024 at 19:04, Thomas Pornin <thomas.pornin@nccgroup.com> wrote:
>> I can make a review (by mid-July, possibly much sooner).
>>  
>> Thomas
>>  
>> *From: *Stanislav V. Smyshlyaev <smyshsv@gmail.com>
>> *Date: *Tuesday, June 11, 2024 at 03:30
>> *To: *crypto-panel@irtf.org <crypto-panel@irtf.org>
>> *Cc: *cfrg-chairs@ietf.org <cfrg-chairs@ietf.org>, draft-irtf-cfrg-aead-limits@ietf.org <draft-irtf-cfrg-aead-limits@ietf.org>
>> *Subject: *[Crypto-panel] Request for review: Usage Limits on AEAD Algorithms
>> Dear Crypto Panel experts,
>> 
>> The chairs would like to ask the Crypto Panel to provide a review for the current version (-08) of the "Usage Limits on AEAD Algorithms" draft, draft-irtf-cfrg-aead-limits-08  (https://www.ietf.org/archive/id/draft-irtf-cfrg-aead-limits-08.html)
>> 
>> Volunteers?
>> 
>> Stanislav (on behalf of the CFRG Chairs)
> Attachments:
> * review-draft-irtf-cfrg-aead-limits-08.txt