Re: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04
Russ Housley <housley@vigilsec.com> Fri, 06 January 2017 16:12 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C16A129B87 for <curdle@ietfa.amsl.com>; Fri, 6 Jan 2017 08:12:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EPUhnSMm3Gs2 for <curdle@ietfa.amsl.com>; Fri, 6 Jan 2017 08:12:10 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EE7D129B7C for <curdle@ietf.org>; Fri, 6 Jan 2017 08:12:10 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 4E29130042D for <curdle@ietf.org>; Fri, 6 Jan 2017 11:01:54 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id qHmCC2x8qkU7 for <curdle@ietf.org>; Fri, 6 Jan 2017 11:01:51 -0500 (EST)
Received: from [192.168.2.100] (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 088D230024F; Fri, 6 Jan 2017 11:01:50 -0500 (EST)
Content-Type: multipart/signed; boundary="Apple-Mail=_10292ECF-25D9-4CC9-B15D-5BD47434407A"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <d150c80b-ca11-af48-a6bb-87e4604499d7@cs.tcd.ie>
Date: Fri, 06 Jan 2017 11:12:04 -0500
Message-Id: <D526B8BE-8B01-4AC2-BAE5-08567EA27142@vigilsec.com>
References: <148146205925.29990.2056127161677925002.idtracker@ietfa.amsl.com> <0e1501d254c4$b542c1e0$1fc845a0$@augustcellars.com> <d150c80b-ca11-af48-a6bb-87e4604499d7@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/hsvLbq9YN07tMVtJySX6tvy13ik>
Cc: Jim Schaad <ietf@augustcellars.com>, draft-ietf-curdle-cms-chacha20-poly1305.all@ietf.org, curdle@ietf.org, Yoav Nir <ynir.ietf@gmail.com>
Subject: Re: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jan 2017 16:12:12 -0000
Stephen: I had already tackled Yoav’s comments in my working copy. I just did one of the comments from the OPS Dir review. The other was moot because the paragraph was rewritten to resolve Yoav’s comments. Russ On Jan 6, 2017, at 10:54 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Hiya, > > I think we've one change pending from Yoav's review. There > were also some nits from the opsdir review [1] posted over > the holidays. > > Do we think we can have an update with those fixes in the > next week? If so, I'll put this on the Jan 19th telechat > for approval. (If it's somehow easier for these changes to > be done as an RFC editor note, that's fine too - just > send me the text for that.) > > Thanks, > S. > > [1] > https://datatracker.ietf.org/doc/review-ietf-curdle-cms-chacha20-poly1305-04-opsdir-lc-comstedt-2016-12-24/ > > On 12/12/16 22:11, Jim Schaad wrote: >> >> >>> -----Original Message----- >>> From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of Yoav Nir >>> Sent: Sunday, December 11, 2016 5:14 AM >>> To: secdir@ietf.org >>> Cc: curdle@ietf.org; draft-ietf-curdle-cms-chacha20-poly1305.all@ietf.org; >>> ietf@ietf.org >>> Subject: [Curdle] Review of draft-ietf-curdle-cms-chacha20-poly1305-04 >>> >>> Reviewer: Yoav Nir >>> Review result: Has Nits >>> >>> Hi, >>> >>> I have reviewed this document as part of the security directorate's >> ongoing >>> effort to review all IETF documents being processed by the IESG. These >>> comments were written primarily for the benefit of the security area >> directors. >>> Document editors and WG chairs should treat these comments just like any >>> other last call comments. >>> >>> Summary: Ready with nits. >>> >>> Introduction >>> ChaCha20 is the 20-round variant of ChaCha; it requires a 256-bit key >>> and a 96-bit nonce. ChaCha20 is described in [FORIETF]. >>> >>> ChaCha20 is described in DJB's paper. RFC 7539 just repeats the definition >> with >>> more detail, examples and test vectors. Same for >>> Poly1305 in the next paragraph. >> >> ChaCha20 was originally described in DJB's paper. There is still a complete >> description of the algorithm in [FORIETF]. Once could argue that it is a >> more complete description since it includes examples and test vectors. >> >>> >>> Section 3 describes how to use AEAD_CHACHA20_POLY1305 with >>> AuthEnvelopedData. The algorithm, as stated in section 1.1 has four >>> inputs: a 256-bit key, a 96-bit nonce, an arbitrary length plaintext, and >> an >>> arbitrary length additional authenticated data (AAD). The key is generated >> by >>> one of the methods in section 2 (Key Management); the nonce is generated >> by >>> the sender. The text requires that it be unique, but does not mandate of >> suggest >>> a way of doing this. This is fine. The plaintext according to section 3 is >> "the >>> content located in the AuthEnvelopedData EncryptedContentInfo >>> encryptedContent field". and the tag is stored in the AuthEnvelopedData >> mac >>> field. >>> >>> What's missing is the AAD. I could not find what goes into the AAD. >>> This is described in section 2.2 of RFC 5083, but it should be either >> repeated here >>> or referenced. It's jarring that the other inputs are described while this >> one is >>> omitted. >> >> That seems reasonable to add. >> >> Jim >> >>> >>> The Security Considerations section seems fine. >>> >>> Yoav >>> >>> _______________________________________________ >>> Curdle mailing list >>> Curdle@ietf.org >>> https://www.ietf.org/mailman/listinfo/curdle >> >> > > _______________________________________________ > Curdle mailing list > Curdle@ietf.org > https://www.ietf.org/mailman/listinfo/curdle
- [Curdle] Review of draft-ietf-curdle-cms-chacha20… Yoav Nir
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Russ Housley
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Jim Schaad
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Stephen Farrell
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Russ Housley
- Re: [Curdle] Review of draft-ietf-curdle-cms-chac… Stephen Farrell