Re: [Crypto-panel] Request for review: draft-ribose-openpgp-oscca-01
"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Thu, 21 December 2017 05:57 UTC
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Thu, 21 Dec 2017 08:57:54 +0300
Message-ID: <CAMr0u6=u0by1AWeY5SEo9qnCEBJbJ70a2USVgbRZ=bZxBexbEw@mail.gmail.com>
To: Ronald Tse <tse@ribose.com>
Cc: Alexey Melnikov <alexey.melnikov@isode.com>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>, Nancy Cam-Winget <ncamwing@cisco.com>, "draft-ribose-openpgp-oscca.authors@ietf.org" <draft-ribose-openpgp-oscca.authors@ietf.org>, Tim Polk <tim.polk@nist.gov>, "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/dbmvzawIINAY8JRPvzCNdPJgDYg>

Thank you very much, Ronald, my pleasure!
Best wishes to you too!

Kind regards,
Stanislav

2017-12-21 3:01 GMT+03:00 Ronald Tse <tse@ribose.com>:

> Dear Stanislav,
>
> Thank you again and hats off for the momentous review.
>
> We will incorporate all issues mentioned and the very helpful suggestions
> to enhance the drafts as you described, and shall revert once it is done.
>
> Best wishes to you and your family in this holiday season!
>
> Kind regards,
> Ron
>
> _____________________________________
>
> Ronald Tse
> Ribose Inc.
>
> On Dec 20, 2017, at 11:13 PM, Stanislav V. Smyshlyaev <smyshsv@gmail.com>
> wrote:
>
> Dear colleagues,
>
> The review has been posted to the CFRG mailing list.
>
> P.S.: Ronald, I'll be happy to make an additional review after you finish
> updating the SM2 I-D with design rationale and a summary of published
> analysis results. Nevertheless, I've included my own summary of the
> published results of SM2 to my review.
>
> Best regards,
> Stanislav
>
> 2017-11-29 21:24 GMT+03:00 Ronald Tse <tse@ribose.com>:
>
>> Hi Stanislav,
>>
>> Fully understand. Thank you again for your help!
>>
>> Ron
>>
>> _____________________________________
>>
>> Ronald Tse
>> Ribose Inc.
>>
>> +=========================================================+
>> This message may contain confidential and/or privileged
>> information. If you are not the addressee or authorized to
>> receive this for the addressee, you must not use, copy,
>> disclose or take any action based on this message or any
>> information herein. If you have received this message in
>> error, please advise the sender immediately by reply e-mail
>> and delete this message. Thank you for your cooperation.
>> +=========================================================+
>>
>> On Nov 29, 2017, at 9:23 PM, Stanislav V. Smyshlyaev <smyshsv@gmail.com>
>> wrote:
>>
>> Dear Ronald,
>>
>> Thank you very much for the links!
>>
>> The review is conducted by Crypto Review Panel, thus the analysis is
>> being done more from the cryptographic perspective, and the current state
>> of the analysis of the proposed mechanisms is taken into account.
>>
>> Best regards,
>> Stanislav
>>
>> 2017-11-28 19:28 GMT+03:00 Ronald Tse <tse@ribose.com>:
>>
>>> Dear Stanislav,
>>>
>>> You are absolutely right. Here are the IETF drafts of SM2, SM3 and SM4
>>> (they are referred to within this draft, too):
>>>
>>> SM2: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
>>> SM3: https://tools.ietf.org/html/draft-oscca-cfrg-sm3-02
>>> SM4: https://tools.ietf.org/html/draft-ribose-cfrg-sm4-05
>>>
>>> The SM3 and SM4 drafts contain both a design rationale and a
>>> cryptanalysis section. Specifically, the cryptanalysis section contains
>>> bibliography references with links to research publications of the latest
>>> cryptanalysis results (English + Chinese). Most of these results are freely
>>> available in English (Google Scholar).
>>>
>>> As a matter of fact, we are currently updating the SM2 draft to provide
>>> the same level of detail as the other two.
>>>
>>> I’d just like to clarify that the current review is purely on the
>>> OpenPGP side of things. That said, we have previously requested a CFRG
>>> review of the SM4 draft too, so if you have some time to review that draft,
>>> it would be even more awesome :-)
>>>
>>> Hope this helps!
>>>
>>> Kind regards,
>>> Ron
>>>
>>> _____________________________________
>>>
>>> Ronald Tse
>>> Ribose Inc.
>>>
>>> On Nov 29, 2017, at 12:08 AM, Stanislav V. Smyshlyaev <smyshsv@gmail.com>
>>> wrote:
>>>
>>> Dear Ronald,
>>>
>>> Since the document is dedicated to the algorithms and elliptic curve
>>> parameters, it would be very helpful if you could point at papers with
>>> their analysis in English, if some of them are not publicly available (or
>>> could not be easily found via public resources). Also, it will be extremely
>>> important if you could provide some materials with design rationale of the
>>> algorithms and parameters presented in the I-D.
>>>
>>> Of course, full cryptanalysis from scratch is impossible to be made as
>>> a part of review, so all known results/attacks/notes on design
>>> rationale/results of evaluation of curve parameters will be very important
>>> for making the review(s) as objective as possible.
>>>
>>> Best regards,
>>> Stanislav Smyshlyaev, Ph.D.
>>> Head of Information Security Department,
>>> CryptoPro LLC
>>>
>>> 2017-11-28 18:47 GMT+03:00 Ronald Tse <tse@ribose.com>:
>>>
>>>> Dear Stanislav,
>>>>
>>>> Thank you very much for performing the review. Look forward to it!
>>>>
>>>> Kind regards,
>>>> Ron
>>>>
>>>> _____________________________________
>>>>
>>>> Ronald Tse
>>>> Ribose Inc.
>>>>
>>>> On Nov 28, 2017, at 11:21 PM, Stanislav V. Smyshlyaev
>>>> <smyshsv@gmail.com> wrote:
>>>>
>>>> Dear Alexey,
>>>>
>>>> I'll be happy to do this.
>>>>
>>>> Will it be OK, if I provide a review by the 20th of December?
>>>>
>>>> Best regards,
>>>>
>>>> Stanislav
>>>>
>>>> 2017-11-28 17:02 GMT+03:00 Alexey Melnikov <alexey.melnikov@isode.com>:
>>>>
>>>>> Dear Crypto Panel,
>>>>>
>>>>> SAAG’s SECDISPATCH chairs have requested review of
>>>>> <https://datatracker.ietf.org/doc/draft-ribose-openpgp-oscca/>
>>>>> before the document fate will be decided (it is likely to end up in
>>>>> the CURDLE WG).
>>>>>
>>>>> Can we have some volunteer(s) please?
>>>>>
>>>>> The draft Abstract is:
>>>>>
>>>>> This document enables OpenPGP (RFC4880) usage in an compliant manner
>>>>> with OSCCA (Office of State Commercial Cipher Administration)
>>>>> regulations for use within China.
>>>>>
>>>>> Specifically, it extends OpenPGP to support the usage of SM2, SM3 and
>>>>> SM4 algorithms, and provides the OSCCA-compliant OpenPGP profile
>>>>> "OSCCA-SM234".
>>>>>
>>>>> Thank you,
>>>>> Alexey
>>>>>
>>>>> _______________________________________________
>>>>> Crypto-panel mailing list
>>>>> Crypto-panel@irtf.org
>>>>> https://www.irtf.org/mailman/listinfo/crypto-panel