Re: [Crypto-panel] [Cfrg] Fwd: Rev RFC 7539?

Yoav Nir <ynir.ietf@gmail.com> Mon, 30 January 2017 15:46 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <83BAF748-9702-468A-8061-60EDA967CA5A@gmail.com>
Date: Mon, 30 Jan 2017 17:46:07 +0200
In-Reply-To: <DDE9A7AA-E280-41A4-B56C-757177C963BF@gmail.com>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
References: <46ECD4D0-07BB-4082-82AC-4B2AE656AE09@gmail.com> <A57288FC-C629-472F-8394-DB58C45EEC25@gmail.com> <D4A3ABF6.7E151%kenny.paterson@rhul.ac.uk> <94C03201-A023-412C-BE42-808BCE93B010@vigilsec.com> <D4A52F76.7E25E%kenny.paterson@rhul.ac.uk> <22F124C4-62D3-4511-AC37-EA9880687DA4@vigilsec.com> <44785B40-77C2-4B41-803E-DCD030E84C3B@rhul.ac.uk> <CAMr0u6mo=9pj7m2uLYRE3mavAMAcsfysxC2NE_-9bN_-TO8qdg@mail.gmail.com> <9BB90216-1CE2-4BDB-BC77-D30293D1A040@rhul.ac.uk> <DDE9A7AA-E280-41A4-B56C-757177C963BF@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/v5OWDJhAxtreotdg1IDeIpezSXI>
Cc: "crypto-panel@irtf.org" <crypto-panel@irtf.org>, Alexey Melnikov <alexey.melnikov@isode.com>, Russ Housley <housley@vigilsec.com>, "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Subject: Re: [Crypto-panel] [Cfrg] Fwd: Rev RFC 7539?

Hi.

So I’ve just posted version -01. Changes include:
Reworded the abstract introduction to avoid saying that the document does not introduce any new crypto (the composition of ChaCha20 and Poly1305 was in fact novel).
Replaced “papers by D. J. Bernstein” with actual references.
Removed numbering and bullets from lists of formulas.
Converted all “rotation” to “roll” for consistency.
Changed the variable name in inner_block() from “working_state” to “initial_state”.
Explained the pipe (“|”) character and bitwise AND assignment (“&=”) in formulas.
Removed discussion of potential use in ESP and TLS. Both algorithms have RFCs by now.
Removed discussion of using HMAC for PRF.
Clarified that a 64- (or 128- or 256-) bit cipher refers to block size, not to key size.
Addressed Jim Schaad’s comment that the tag MUST NOT be truncated (that was the little extra text in the Security Considerations).
A few more editorial fixes.

https://tools.ietf.org/html/draft-nir-cfrg-rfc7539bis-01

Yoav
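As an added illustration, not part of this thread or of the draft's own text, here is the ChaCha20 block function as RFC 7539 specifies it, written with the terms the changelog above settles on (roll, quarter round, inner_block, initial_state) and checked against the quarter-round test vector of RFC 7539 section 2.1.1; the key and nonce in the usage are the section 2.3.2 test-vector inputs.

```python
import struct

MASK32 = 0xFFFFFFFF


def roll(x, n):
    # Left rotation of a 32-bit word: "roll" in the draft's terminology.
    return ((x << n) | (x >> (32 - n))) & MASK32


def quarter_round(s, a, b, c, d):
    # RFC 7539 section 2.1 quarter round, applied in place to state indices a, b, c, d.
    s[a] = (s[a] + s[b]) & MASK32; s[d] = roll(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = roll(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = roll(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = roll(s[b] ^ s[c], 7)


def inner_block(state):
    # One double round: four column rounds followed by four diagonal rounds.
    quarter_round(state, 0, 4, 8, 12)
    quarter_round(state, 1, 5, 9, 13)
    quarter_round(state, 2, 6, 10, 14)
    quarter_round(state, 3, 7, 11, 15)
    quarter_round(state, 0, 5, 10, 15)
    quarter_round(state, 1, 6, 11, 12)
    quarter_round(state, 2, 7, 8, 13)
    quarter_round(state, 3, 4, 9, 14)


def chacha20_block(key, counter, nonce):
    # Build the 16-word initial state (constants, 256-bit key, 32-bit block counter,
    # 96-bit nonce), run 10 double rounds, add the initial state back, serialize LE.
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("key must be 32 bytes and nonce 12 bytes")
    constants = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)
    initial_state = (list(constants) + list(struct.unpack("<8I", key))
                     + [counter & MASK32] + list(struct.unpack("<3I", nonce)))
    state = initial_state[:]
    for _ in range(10):
        inner_block(state)
    return struct.pack("<16I", *[(x + y) & MASK32 for x, y in zip(state, initial_state)])


def quarter_round_vector():
    # Inputs of the RFC 7539 section 2.1.1 test vector; returns the transformed words.
    s = [0x11111111, 0x01020304, 0x9B8D6F43, 0x01234567]
    quarter_round(s, 0, 1, 2, 3)
    return s


if __name__ == "__main__":
    # RFC 7539 section 2.3.2 inputs: key 00..1f, counter 1, nonce 00:00:00:09:00:00:00:4a:00:00:00:00.
    print(chacha20_block(bytes(range(32)), 1, bytes.fromhex("000000090000004a00000000")).hex())
```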

> On 19 Jan 2017, at 13:13, Yoav Nir <ynir.ietf@gmail.com> wrote:
> 
> I will make a new version by next week.
> 
> Yoav
> 
>> On 19 Jan 2017, at 13:08, Paterson, Kenny <Kenny.Paterson@rhul.ac.uk> wrote:
>> 
>> Dear Stanislav,
>> 
>> Thanks very much for your quick action here - Yoav now has a total of 3 detailed reviews to work from - 2 from the panel and one from John Mattson on list. 
>> 
>> This is exactly how the review panel should work :-)
>> 
>> Regards,
>> 
>> Kenny
>> 
>> 
>> On 19 Jan 2017, at 11:52, Stanislav V. Smyshlyaev <smyshsv@gmail.com> wrote:
>> 
>>> Good afternoon, dear colleagues!
>>> 
>>> I've sent the review to the CFRG mailing list.
>>> 
>>> Best regards,
>>> Stanislav
>>> 
>>> 
>>> 2017-01-19 13:41 GMT+03:00 Paterson, Kenny <Kenny.Paterson@rhul.ac.uk>:
>>> Russ,
>>> 
>>> Thanks for the speedy feedback.
>>> 
>>> Best wishes,
>>> 
>>> Kenny
>>> 
>>> Sent from my iPhone
>>> 
>>> > On 18 Jan 2017, at 19:41, Russ Housley <housley@vigilsec.com> wrote:
>>> >
>>> > I just sent the review.
>>> >
>>> >
>>> >> On Jan 18, 2017, at 9:45 AM, Paterson, Kenny <Kenny.Paterson@rhul.ac.uk> wrote:
>>> >>
>>> >> Hi Russ,
>>> >>
>>> >> Thanks for offering. Stanislav also volunteered, but I think having two
>>> >> independent reviews will do no harm at all here, since the intention is to
>>> >> catch as many things as possible. So please go ahead in your suggested
>>> >> timeframe.
>>> >>
>>> >> We didn't quite settle on a mechanism for handling these reviews yet, but
>>> >> in this case I'd suggest e-mailing your comments to CFRG in the
>>> >> appropriate thread once they are ready.
>>> >>
>>> >> Thanks again,
>>> >>
>>> >> Kenny
>>> >>
>>> >>
>>> >>
>>> >>> On 17/01/2017 15:53, "Russ Housley" <housley@vigilsec.com> wrote:
>>> >>>
>>> >>> I can do it late this week or early next week.
>>> >>>
>>> >>> Russ
>>> >>>
>>> >>>
>>> >>> On Jan 17, 2017, at 6:16 AM, Paterson, Kenny <Kenny.Paterson@rhul.ac.uk> wrote:
>>> >>>
>>> >>>> Dear CFRG Review Panel members,
>>> >>>>
>>> >>>> Please could we have a volunteer to review this document from Yoav Nir?
>>> >>>>
>>> >>>> The document is a proposed revision to RFC 7539 ("ChaCha20 and Poly1305
>>> >>>> for IETF Protocols") to address a number of errata that were found in
>>> >>>> the original RFC in a systematic way.
>>> >>>>
>>> >>>> The purpose of the review would be to check that the corrections make
>>> >>>> sense and to try to identify any further glitches that remain.
>>> >>>> Additional remarks would be welcome of course.
>>> >>>>
>>> >>>> If you volunteer, it would be helpful to also indicate a time-scale for
>>> >>>> delivering your review.
>>> >>>>
>>> >>>> Regards,
>>> >>>>
>>> >>>> Kenny
>>> >>>>
>>> >>>> On 12/01/2017 06:24, "Cfrg on behalf of Yoav Nir" <cfrg-bounces@irtf.org on behalf of ynir.ietf@gmail.com> wrote:
>>> >>>>
>>> >>>>> Reminder.
>>> >>>>>
>>> >>>>>
>>> >>>>> Is there interest in pushing this forward?
>>> >>>>>
>>> >>>>>
>>> >>>>> Yoav
>>> >>>>>
>>> >>>>>
>>> >>>>> Begin forwarded message:
>>> >>>>>
>>> >>>>> From: Yoav Nir <ynir.ietf@gmail.com>
>>> >>>>>
>>> >>>>> Subject: Re: [Cfrg] Rev RFC 7539?
>>> >>>>>
>>> >>>>> Date: 16 November 2016 at 9:09:11 GMT+2
>>> >>>>>
>>> >>>>> To: Sean Turner <sean@sn3rd.com>
>>> >>>>>
>>> >>>>> Cc: IRTF CFRG <cfrg@irtf.org>
>>> >>>>>
>>> >>>>>
>>> >>>>> Cycles found.
>>> >>>>>
>>> >>>>>
>>> >>>>> Attached please find two files:
>>> >>>>> 1. rfc7539_long.txt is RFC 7539 with page breaks and page numbers
>>> >>>>> removed.
>>> >>>>> 2. draft-nir-cfrg-rfc7539bis-00.raw.txt
>>> >>>>> is the unpaginated form of the new draft.
>>> >>>>>
>>> >>>>>
>>> >>>>> Couldn’t do much about the boilerplate, but this makes it easy to
>>> >>>>> compare.
>>> >>>>>
>>> >>>>>
>>> >>>>> Yoav
>>> >>>>>
>>> >>>>> On 16 Nov 2016, at 10:06, Sean Turner <sean@sn3rd.com> wrote:
>>> >>>>>
>>> >>>>> +1 - if you got the cycles.
>>> >>>>>
>>> >>>>> spt
>>> >>>>>
>>> >>>>>
>>> >>>>> On Nov 14, 2016, at 15:55, Eric Rescorla <ekr@rtfm.com> wrote:
>>> >>>>>
>>> >>>>> This seems like a good plan.
>>> >>>>>
>>> >>>>> -Ekr
>>> >>>>>
>>> >>>>>
>>> >>>>> On Mon, Nov 14, 2016 at 3:32 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:
>>> >>>>> Hi
>>> >>>>>
>>> >>>>> RFC 7539 (“ChaCha20 and Poly1305 for IETF Protocols”)[1] is now
>>> >>>>> implemented in many places and referenced by 3 RFCs and 8 Internet
>>> >>>>> Drafts ([2])
>>> >>>>>
>>> >>>>> However, the quality of the document is not where we’d like it to be.
>>> >>>>> There have been 7 errata filed against it. Most of it is editorial or
>>> >>>>> insignificant, but still no errata is better than some errata.
>>> >>>>>
>>> >>>>> So what do the participants and chairs think about spinning up a
>>> >>>>> quick[4] rfc7539bis that has the same text, except that the errata
>>> >>>>> will be merged in?
>>> >>>>>
>>> >>>>> I think such a document should be fairly easy and quick.
>>> >>>>>
>>> >>>>> Yoav
>>> >>>>>
>>> >>>>> P.S: and yes, of course I’m volunteering to write it.
>>> >>>>>
>>> >>>>> [1] https://tools.ietf.org/html/rfc7539
>>> >>>>> [2] https://datatracker.ietf.org/doc/rfc7539/referencedby/
>>> >>>>> [3] https://www.rfc-editor.org/errata_search.php?rfc=7539
>>> >>>>> [4] My spell check actually corrected “quick” to “quic”. The contents
>>> >>>>> of my mails are veering far away from regular English.
>>> >>>>>
>>> >>>>>
>>> >>>>> _______________________________________________
>>> >>>>> Cfrg mailing list
>>> >>>>> Cfrg@irtf.org
>>> >>>>> https://www.irtf.org/mailman/listinfo/cfrg
>>> >>>>>
>>> >>>>>
>>> >>>>
>>> >>>>
>>> >>>> <draft-nir-cfrg-rfc7539bis-00.raw.txt><rfc7539_long.txt>
>>> >>>> _______________________________________________
>>> >>>> Crypto-panel mailing list
>>> >>>> Crypto-panel@irtf.org
>>> >>>> https://www.irtf.org/mailman/listinfo/crypto-panel
>>> >>>
>>> >>
>>> >
>>> 
>>> 
>