Re: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 06 January 2017 15:54 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C93BE129459; Fri, 6 Jan 2017 07:54:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.401
X-Spam-Level:
X-Spam-Status: No, score=-7.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qPpsaoXsxCQO; Fri, 6 Jan 2017 07:54:07 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2EFD12956C; Fri, 6 Jan 2017 07:54:07 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 1ABAEBE73; Fri, 6 Jan 2017 15:54:05 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hFAQtOwPAWcn; Fri, 6 Jan 2017 15:54:04 +0000 (GMT)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 71DBBBE5D; Fri, 6 Jan 2017 15:54:04 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1483718044; bh=F4RhEzymLATOSHZOsSjHt41y9jADaiEx3CErEughI3k=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=IW/0NSsHHZYN4LIg8hhstj4KInZ6Cz3pZiPdDOypXSN7inJ55hR2cmsEIcvb8FtHh 86lDjhWbFNhdkWW5wrL+GNox6AJoIqLkmbOcoLxubZhqgkEnf5/gwmHOh3jQ+8ZoUk aQUgYVf0k+sVy7J2vUCAMtnXIKsrTatjwlsH2KBI=
To: 'Yoav Nir' <ynir.ietf@gmail.com>, draft-ietf-curdle-cms-chacha20-poly1305.all@ietf.org
References: <148146205925.29990.2056127161677925002.idtracker@ietfa.amsl.com> <0e1501d254c4$b542c1e0$1fc845a0$@augustcellars.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <d150c80b-ca11-af48-a6bb-87e4604499d7@cs.tcd.ie>
Date: Fri, 06 Jan 2017 15:54:04 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <0e1501d254c4$b542c1e0$1fc845a0$@augustcellars.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms030800090004090405050901"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/MyiMSDcz727ufeOOxz6CYY33Dv4>
Cc: Jim Schaad <ietf@augustcellars.com>, curdle@ietf.org
Subject: Re: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jan 2017 15:54:10 -0000
Hiya, I think we've one change pending from Yoav's review. There were also some nits from the opsdir review [1] posted over the holidays. Do we think we can have an update with those fixes in the next week? If so, I'll put this on the Jan 19th telechat for approval. (If it's somehow easier for these changes to be done as an RFC editor note, that's fine too - just send me the text for that.) Thanks, S. [1] https://datatracker.ietf.org/doc/review-ietf-curdle-cms-chacha20-poly1305-04-opsdir-lc-comstedt-2016-12-24/ On 12/12/16 22:11, Jim Schaad wrote: > > >> -----Original Message----- >> From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of Yoav Nir >> Sent: Sunday, December 11, 2016 5:14 AM >> To: secdir@ietf.org >> Cc: curdle@ietf.org; draft-ietf-curdle-cms-chacha20-poly1305.all@ietf.org; >> ietf@ietf.org >> Subject: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04 >> >> Reviewer: Yoav Nir >> Review result: Has Nits >> >> Hi, >> >> I have reviewed this document as part of the security directorate's > ongoing >> effort to review all IETF documents being processed by the IESG. These >> comments were written primarily for the benefit of the security area > directors. >> Document editors and WG chairs should treat these comments just like any >> other last call comments. >> >> Summary: Ready with nits. >> >> Introduction >> ChaCha20 is the 20-round variant of ChaCha; it requires a 256-bit key >> and a 96-bit nonce. ChaCha20 is described in [FORIETF]. >> >> ChaCha20 is described in DJB's paper. RFC 7539 just repeats the definition > with >> more detail, examples and test vectors. Same for >> Poly1305 in the next paragraph. > > ChaCha20 was originally described in DJB's paper. There is still a complete > description of the algorithm in [FORIETF]. Once could argue that it is a > more complete description since it includes examples and test vectors. > >> >> Section 3 describes how to use AEAD_CHACHA20_POLY1305 with >> AuthEnvelopedData. The algorithm, as stated in section 1.1 has four >> inputs: a 256-bit key, a 96-bit nonce, an arbitrary length plaintext, and > an >> arbitrary length additional authenticated data (AAD). The key is generated > by >> one of the methods in section 2 (Key Management); the nonce is generated > by >> the sender. The text requires that it be unique, but does not mandate of > suggest >> a way of doing this. This is fine. The plaintext according to section 3 is > "the >> content located in the AuthEnvelopedData EncryptedContentInfo >> encryptedContent field". and the tag is stored in the AuthEnvelopedData > mac >> field. >> >> What's missing is the AAD. I could not find what goes into the AAD. >> This is described in section 2.2 of RFC 5083, but it should be either > repeated here >> or referenced. It's jarring that the other inputs are described while this > one is >> omitted. > > That seems reasonable to add. > > Jim > >> >> The Security Considerations section seems fine. >> >> Yoav >> >> _______________________________________________ >> Curdle mailing list >> Curdle@ietf.org >> https://www.ietf.org/mailman/listinfo/curdle > >
- [Curdle] Review of draft-ietf-curdle-cms-chacha20… Yoav Nir
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Russ Housley
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Jim Schaad
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Stephen Farrell
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Russ Housley
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Stephen Farrell