IETF Logo Mail Archive

Re: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 06 January 2017 16:12 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27B0A129B7C; Fri, 6 Jan 2017 08:12:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.401
X-Spam-Level:
X-Spam-Status: No, score=-7.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9dGck7OGpbj6; Fri, 6 Jan 2017 08:12:51 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A72FC129B4F; Fri, 6 Jan 2017 08:12:51 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id BA5DEBE77; Fri, 6 Jan 2017 16:12:49 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jI4kpVpU9OgG; Fri, 6 Jan 2017 16:12:49 +0000 (GMT)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id CFE63BE80; Fri, 6 Jan 2017 16:12:48 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1483719169; bh=dy7VA9m5q/UpcmshCopVcp/W/CcOrPkBKnKg0Yr3mE8=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=V1f28R7+3OO46/uX7dvH8YbB8gxq2TV7iI2+Y+f1VpUJ2W8rYUWp2aUHoWJzAs+0t G+4yhtGhV7r29L/pYkm12sKSvjTzQ812dJFS+m6LDQZJ1aX5GTdjffgIjRCWjF4kZR aTV+MtecnQ20VbNVf4ZodCwcc/yuf4KMXvx1br0w=
To: Russ Housley <housley@vigilsec.com>
References: <148146205925.29990.2056127161677925002.idtracker@ietfa.amsl.com> <0e1501d254c4$b542c1e0$1fc845a0$@augustcellars.com> <d150c80b-ca11-af48-a6bb-87e4604499d7@cs.tcd.ie> <D526B8BE-8B01-4AC2-BAE5-08567EA27142@vigilsec.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <fbd47956-cb8b-1f60-29af-c6cef565a972@cs.tcd.ie>
Date: Fri, 06 Jan 2017 16:12:48 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <D526B8BE-8B01-4AC2-BAE5-08567EA27142@vigilsec.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms010102040902050601080601"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/6AeFo7p3pg3H8O28GO--ipcQes8>
Cc: Jim Schaad <ietf@augustcellars.com>, draft-ietf-curdle-cms-chacha20-poly1305.all@ietf.org, curdle@ietf.org, Yoav Nir <ynir.ietf@gmail.com>
Subject: Re: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jan 2017 16:12:54 -0000

Excellent, I'll put it on the Jan 19th agenda. Thanks
for the quick turnaround,
S

On 06/01/17 16:12, Russ Housley wrote:
> Stephen:
> 
> I had already tackled Yoav’s comments in my working copy.  I just did one of the comments from the OPS Dir review.  The other was moot because the paragraph was rewritten to resolve Yoav’s comments.
> 
> Russ
> 
> 
> On Jan 6, 2017, at 10:54 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
>>
>> Hiya,
>>
>> I think we've one change pending from Yoav's review. There
>> were also some nits from the opsdir review [1] posted over
>> the holidays.
>>
>> Do we think we can have an update with those fixes in the
>> next week? If so, I'll put this on the Jan 19th telechat
>> for approval. (If it's somehow easier for these changes to
>> be done as an RFC editor note, that's fine too - just
>> send me the text for that.)
>>
>> Thanks,
>> S.
>>
>> [1]
>> https://datatracker.ietf.org/doc/review-ietf-curdle-cms-chacha20-poly1305-04-opsdir-lc-comstedt-2016-12-24/
>>
>> On 12/12/16 22:11, Jim Schaad wrote:
>>>
>>>
>>>> -----Original Message-----
>>>> From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of Yoav Nir
>>>> Sent: Sunday, December 11, 2016 5:14 AM
>>>> To: secdir@ietf.org
>>>> Cc: curdle@ietf.org; draft-ietf-curdle-cms-chacha20-poly1305.all@ietf.org;
>>>> ietf@ietf.org
>>>> Subject: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04
>>>>
>>>> Reviewer: Yoav Nir
>>>> Review result: Has Nits
>>>>
>>>> Hi,
>>>>
>>>> I have reviewed this document as part of the security directorate's
>>> ongoing
>>>> effort to review all IETF documents being processed by the IESG.  These
>>>> comments were written primarily for the benefit of the security area
>>> directors.
>>>> Document editors and WG chairs should treat these comments just like any
>>>> other last call comments.
>>>>
>>>> Summary: Ready with nits.
>>>>
>>>> Introduction
>>>>   ChaCha20 is the 20-round variant of ChaCha; it requires a 256-bit key
>>>>   and a 96-bit nonce.  ChaCha20 is described in [FORIETF].
>>>>
>>>> ChaCha20 is described in DJB's paper. RFC 7539 just repeats the definition
>>> with
>>>> more detail, examples and test vectors. Same for
>>>> Poly1305 in the next paragraph.
>>>
>>> ChaCha20 was originally described in DJB's paper.  There is still a complete
>>> description of the algorithm in [FORIETF].  Once could argue that it is a
>>> more complete description since it includes examples and test vectors.
>>>
>>>>
>>>> Section 3 describes how to use AEAD_CHACHA20_POLY1305 with
>>>> AuthEnvelopedData. The algorithm, as stated in section 1.1 has four
>>>> inputs: a 256-bit key, a 96-bit nonce, an arbitrary length plaintext, and
>>> an
>>>> arbitrary length additional authenticated data (AAD). The key is generated
>>> by
>>>> one of the methods in section 2 (Key Management); the nonce is generated
>>> by
>>>> the sender. The text requires that it be unique, but does not mandate of
>>> suggest
>>>> a way of doing this. This is fine. The plaintext according to section 3 is
>>> "the
>>>> content located in the AuthEnvelopedData EncryptedContentInfo
>>>> encryptedContent field". and the tag is stored in the AuthEnvelopedData
>>> mac
>>>> field.
>>>>
>>>> What's missing is the AAD. I could not find what goes into the AAD.
>>>> This is described in section 2.2 of RFC 5083, but it should be either
>>> repeated here
>>>> or referenced. It's jarring that the other inputs are described while this
>>> one is
>>>> omitted.
>>>
>>> That seems reasonable to add.
>>>
>>> Jim
>>>
>>>>
>>>> The Security Considerations section seems fine.
>>>>
>>>> Yoav
>>>>
>>>> _______________________________________________
>>>> Curdle mailing list
>>>> Curdle@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/curdle
>>>
>>>
>>
>> _______________________________________________
>> Curdle mailing list
>> Curdle@ietf.org
>> https://www.ietf.org/mailman/listinfo/curdle
> 
> 
> 
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
>

v2.23.0 | Report a Bug | By Email