Re: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 06 January 2017 16:12 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27B0A129B7C; Fri, 6 Jan 2017 08:12:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.401
X-Spam-Level:
X-Spam-Status: No, score=-7.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9dGck7OGpbj6; Fri, 6 Jan 2017 08:12:51 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A72FC129B4F; Fri, 6 Jan 2017 08:12:51 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id BA5DEBE77; Fri, 6 Jan 2017 16:12:49 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jI4kpVpU9OgG; Fri, 6 Jan 2017 16:12:49 +0000 (GMT)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id CFE63BE80; Fri, 6 Jan 2017 16:12:48 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1483719169; bh=dy7VA9m5q/UpcmshCopVcp/W/CcOrPkBKnKg0Yr3mE8=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=V1f28R7+3OO46/uX7dvH8YbB8gxq2TV7iI2+Y+f1VpUJ2W8rYUWp2aUHoWJzAs+0t G+4yhtGhV7r29L/pYkm12sKSvjTzQ812dJFS+m6LDQZJ1aX5GTdjffgIjRCWjF4kZR aTV+MtecnQ20VbNVf4ZodCwcc/yuf4KMXvx1br0w=
To: Russ Housley <housley@vigilsec.com>
References: <148146205925.29990.2056127161677925002.idtracker@ietfa.amsl.com> <0e1501d254c4$b542c1e0$1fc845a0$@augustcellars.com> <d150c80b-ca11-af48-a6bb-87e4604499d7@cs.tcd.ie> <D526B8BE-8B01-4AC2-BAE5-08567EA27142@vigilsec.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <fbd47956-cb8b-1f60-29af-c6cef565a972@cs.tcd.ie>
Date: Fri, 06 Jan 2017 16:12:48 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <D526B8BE-8B01-4AC2-BAE5-08567EA27142@vigilsec.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms010102040902050601080601"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/6AeFo7p3pg3H8O28GO--ipcQes8>
Cc: Jim Schaad <ietf@augustcellars.com>, draft-ietf-curdle-cms-chacha20-poly1305.all@ietf.org, curdle@ietf.org, Yoav Nir <ynir.ietf@gmail.com>
Subject: Re: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jan 2017 16:12:54 -0000
Excellent, I'll put it on the Jan 19th agenda. Thanks for the quick turnaround, S On 06/01/17 16:12, Russ Housley wrote: > Stephen: > > I had already tackled Yoav’s comments in my working copy. I just did one of the comments from the OPS Dir review. The other was moot because the paragraph was rewritten to resolve Yoav’s comments. > > Russ > > > On Jan 6, 2017, at 10:54 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > >> >> Hiya, >> >> I think we've one change pending from Yoav's review. There >> were also some nits from the opsdir review [1] posted over >> the holidays. >> >> Do we think we can have an update with those fixes in the >> next week? If so, I'll put this on the Jan 19th telechat >> for approval. (If it's somehow easier for these changes to >> be done as an RFC editor note, that's fine too - just >> send me the text for that.) >> >> Thanks, >> S. >> >> [1] >> https://datatracker.ietf.org/doc/review-ietf-curdle-cms-chacha20-poly1305-04-opsdir-lc-comstedt-2016-12-24/ >> >> On 12/12/16 22:11, Jim Schaad wrote: >>> >>> >>>> -----Original Message----- >>>> From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of Yoav Nir >>>> Sent: Sunday, December 11, 2016 5:14 AM >>>> To: secdir@ietf.org >>>> Cc: curdle@ietf.org; draft-ietf-curdle-cms-chacha20-poly1305.all@ietf.org; >>>> ietf@ietf.org >>>> Subject: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04 >>>> >>>> Reviewer: Yoav Nir >>>> Review result: Has Nits >>>> >>>> Hi, >>>> >>>> I have reviewed this document as part of the security directorate's >>> ongoing >>>> effort to review all IETF documents being processed by the IESG. These >>>> comments were written primarily for the benefit of the security area >>> directors. >>>> Document editors and WG chairs should treat these comments just like any >>>> other last call comments. >>>> >>>> Summary: Ready with nits. >>>> >>>> Introduction >>>> ChaCha20 is the 20-round variant of ChaCha; it requires a 256-bit key >>>> and a 96-bit nonce. ChaCha20 is described in [FORIETF]. >>>> >>>> ChaCha20 is described in DJB's paper. RFC 7539 just repeats the definition >>> with >>>> more detail, examples and test vectors. Same for >>>> Poly1305 in the next paragraph. >>> >>> ChaCha20 was originally described in DJB's paper. There is still a complete >>> description of the algorithm in [FORIETF]. Once could argue that it is a >>> more complete description since it includes examples and test vectors. >>> >>>> >>>> Section 3 describes how to use AEAD_CHACHA20_POLY1305 with >>>> AuthEnvelopedData. The algorithm, as stated in section 1.1 has four >>>> inputs: a 256-bit key, a 96-bit nonce, an arbitrary length plaintext, and >>> an >>>> arbitrary length additional authenticated data (AAD). The key is generated >>> by >>>> one of the methods in section 2 (Key Management); the nonce is generated >>> by >>>> the sender. The text requires that it be unique, but does not mandate of >>> suggest >>>> a way of doing this. This is fine. The plaintext according to section 3 is >>> "the >>>> content located in the AuthEnvelopedData EncryptedContentInfo >>>> encryptedContent field". and the tag is stored in the AuthEnvelopedData >>> mac >>>> field. >>>> >>>> What's missing is the AAD. I could not find what goes into the AAD. >>>> This is described in section 2.2 of RFC 5083, but it should be either >>> repeated here >>>> or referenced. It's jarring that the other inputs are described while this >>> one is >>>> omitted. >>> >>> That seems reasonable to add. >>> >>> Jim >>> >>>> >>>> The Security Considerations section seems fine. >>>> >>>> Yoav >>>> >>>> _______________________________________________ >>>> Curdle mailing list >>>> Curdle@ietf.org >>>> https://www.ietf.org/mailman/listinfo/curdle >>> >>> >> >> _______________________________________________ >> Curdle mailing list >> Curdle@ietf.org >> https://www.ietf.org/mailman/listinfo/curdle > > > > _______________________________________________ > Curdle mailing list > Curdle@ietf.org > https://www.ietf.org/mailman/listinfo/curdle >
- [Curdle] Review of draft-ietf-curdle-cms-chacha20… Yoav Nir
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Russ Housley
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Jim Schaad
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Stephen Farrell
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Russ Housley
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Stephen Farrell