Re: [Crypto-panel] Request for review: draft-ribose-openpgp-oscca-01

Thank you very much, Ronald, my pleasure!

Best wishes to you too!

Kind regards,
Stanislav

2017-12-21 3:01 GMT+03:00 Ronald Tse <tse@ribose.com>:

> Dear Stanislav,
>
> Thank you again and hats off for the momentous review.
>
> We will incorporate all issues mentioned and the very helpful suggestions
> to enhance the drafts as you described, and shall revert once it is done.
>
> Best wishes to you and your family in this holiday season!
>
> Kind regards,
> Ron
>
> _____________________________________
>
> Ronald Tse
> Ribose Inc.
>
> On Dec 20, 2017, at 11:13 PM, Stanislav V. Smyshlyaev <smyshsv@gmail.com>
> wrote:
>
> Dear colleagues,
>
> The review has been posted to the CFRG mailing list.
>
> P.S.: Ronald, I'll be happy to make an additional review after you finish
> updating the SM2 I-D with design rationale and a summary of published
> analysis results. Nevertheless, I've included my own summary of the
> published results of SM2 to my review.
>
> Best regards,
> Stanislav
>
>
>
>
> 2017-11-29 21:24 GMT+03:00 Ronald Tse <tse@ribose.com>:
>
>> Hi Stanislav,
>>
>> Fully understand. Thank you again for your help!
>>
>> Ron
>>
>> _____________________________________
>>
>> Ronald Tse
>> Ribose Inc.
>>
>> +=========================================================+
>> This message may contain confidential and/or privileged
>> information.  If you are not the addressee or authorized to
>> receive this for the addressee, you must not use, copy,
>> disclose or take any action based on this message or any
>> information herein.  If you have received this message in
>> error, please advise the sender immediately by reply e-mail
>> and delete this message.  Thank you for your cooperation.
>> +=========================================================+
>>
>> On Nov 29, 2017, at 9:23 PM, Stanislav V. Smyshlyaev <smyshsv@gmail.com>
>> wrote:
>>
>> Dear Ronald,
>>
>> Thank you very much for the links!
>> The review is conducted by Crypto Review Panel, thus the analysis is
>> being done more from the cryptographic perspective, and the current state
>> of the analysis of the proposed mechanisms is taken into account.
>>
>> Best regards,
>> Stanislav
>>
>>
>> 2017-11-28 19:28 GMT+03:00 Ronald Tse <tse@ribose.com>:
>>
>>> Dear Stanislav,
>>>
>>> You are absolutely right. Here are the IETF drafts of SM2, SM3 and SM4
>>> (they are referred to within this draft, too):
>>>
>>> SM2: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
>>> SM3: https://tools.ietf.org/html/draft-oscca-cfrg-sm3-02
>>> SM4: https://tools.ietf.org/html/draft-ribose-cfrg-sm4-05
>>>
>>> The SM3 and SM4 drafts contain both a design rationale and a
>>> cryptanalysis section. Specifically, the cryptanalysis section contain
>>> bibliography references with links to research publications of the latest
>>> cryptanalysis results (English + Chinese). Most of these results are freely
>>> available in English (Google Scholar).
>>>
>>> As a matter of fact, we are currently updating the SM2 draft to provide
>>> the same level of detail as the other two.
>>>
>>> I’d just like to clarify that the current review is purely on the
>>> OpenPGP side of things. That said, we have previously requested a CFRG
>>> review of the SM4 draft too, so if you have some time to review that draft,
>>> it would be even more awesome :-)
>>>
>>> Hope this helps!
>>>
>>> Kind regards,
>>> Ron
>>>
>>> _____________________________________
>>>
>>> Ronald Tse
>>> Ribose Inc.
>>>
>>> On Nov 29, 2017, at 12:08 AM, Stanislav V. Smyshlyaev <smyshsv@gmail.com>
>>> wrote:
>>>
>>> Dear Ronald,
>>>
>>> Since the document is dedicated to the algorithms and elliptic curve
>>> parameters, it would be very helpful if you could point at papers with
>>> their analysis in English, if some of them are not publicly available (or
>>> could not be easily found via public resources). Also, it will be extremely
>>> important if you could provide some materials with design rationale of the
>>> algorithms and parameters presented in the I-D.
>>>
>>> Of course, full cryptanalysis from a scratch is impossible to be made as
>>> a part of review, so all known results/attacks/notes on design
>>> rationale/results of evaluation of curve parameters will be very important
>>> for making the review(s) as objective as possible.
>>>
>>> Best regards,
>>> Stanislav Smyshlyaev, Ph.D.
>>> Head of Information Security Department,
>>> CryptoPro LLC
>>>
>>>
>>>
>>> 2017-11-28 18:47 GMT+03:00 Ronald Tse <tse@ribose.com>:
>>>
>>>> Dear Stanislav,
>>>>
>>>> Thank you very much for performing the review. Look forward to it!
>>>>
>>>> Kind regards,
>>>> Ron
>>>>
>>>> _____________________________________
>>>>
>>>> Ronald Tse
>>>> Ribose Inc.
>>>>
>>>> On Nov 28, 2017, at 11:21 PM, Stanislav V. Smyshlyaev <
>>>> smyshsv@gmail.com> wrote:
>>>>
>>>> Dear Alexey,
>>>>
>>>> I'll be happy to do this.
>>>>
>>>> Will it be OK, if I provide a review by the 20th of December?
>>>>
>>>> Best regards,
>>>>
>>>> Stanislav
>>>>
>>>>
>>>> 2017-11-28 17:02 GMT+03:00 Alexey Melnikov <alexey.melnikov@isode.com>:
>>>>
>>>>> Dear Crypto Panel,
>>>>>
>>>>> SAAG’s SECDISPATCH chairs have requested review of
>>>>> <https://datatracker.ietf.org/doc/draft-ribose-openpgp-oscca/>
>>>>> before the document fate will be decided (it is likely to end up in
>>>>> the CURDLE WG).
>>>>>
>>>>> Can we have some volunteer(s) please?
>>>>>
>>>>> The draft Abstract is:
>>>>>
>>>>>    This document enables OpenPGP (RFC4880) usage in an compliant manner
>>>>>    with OSCCA (Office of State Commercial Cipher Administration)
>>>>>    regulations for use within China.
>>>>>
>>>>>    Specifically, it extends OpenPGP to support the usage of SM2, SM3
>>>>> and
>>>>>    SM4 algorithms, and provides the OSCCA-compliant OpenPGP profile
>>>>>    "OSCCA-SM234".
>>>>>
>>>>>
>>>>> Thank you,
>>>>> Alexey
>>>>>
>>>>> _______________________________________________
>>>>> Crypto-panel mailing list
>>>>> Crypto-panel@irtf.org
>>>>> https://www.irtf.org/mailman/listinfo/crypto-panel
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>