Re: [dsfjdssdfsd] evaluating stuff (was: Re: Any plans for drafts or discussions on here?)

<ietf@hosed.org> Thu, 23 January 2014 16:06 UTC

Return-Path: <jon@hosed.org>
X-Original-To: dsfjdssdfsd@ietfa.amsl.com
Delivered-To: dsfjdssdfsd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5671A1A0022 for <dsfjdssdfsd@ietfa.amsl.com>; Thu, 23 Jan 2014 08:06:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XzjFp2p_r6Xe for <dsfjdssdfsd@ietfa.amsl.com>; Thu, 23 Jan 2014 08:06:17 -0800 (PST)
Received: from firefly.encrypted.net (firefly.encrypted.net [72.13.81.186]) by ietfa.amsl.com (Postfix) with ESMTP id BBFF21A001B for <dsfjdssdfsd@ietf.org>; Thu, 23 Jan 2014 08:06:17 -0800 (PST)
Received: from firefly.encrypted.net (localhost [127.0.0.1]) by firefly.encrypted.net (Postfix) with ESMTP id 0D1F317091; Thu, 23 Jan 2014 08:06:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hosed.org; s=default; t=1390493177; bh=CgBcbZMPLsLbOXZHYTVx+4XdVGHbYIKvXcNNIuMK0e0=; h=From:To:Cc:References:In-Reply-To:Subject:Date; b=k99sdRoGTxsJZfIKiwft4WlooclbHG/swk0/L3uXoMzTxTKEz20DjHJUmB/BZWwl8 lc3XVeOWJ+I+gMDtMpPC2mf3kLamtnAtqmH70/y1nqUVLePn7DxslylvOF1uroETUV w2ybjGCKzMVNrf/nH2npttiJTqtBsGVIUwS0r8yg=
X-Virus-Scanned: amavisd-new at encrypted.net
Received: from firefly.encrypted.net ([127.0.0.1]) by firefly.encrypted.net (firefly.encrypted.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hS6aUV7DQfYD; Thu, 23 Jan 2014 08:06:16 -0800 (PST)
Received: from jgreent410s (76-220-43-250.lightspeed.sntcca.sbcglobal.net [76.220.43.250]) by firefly.encrypted.net (Postfix) with ESMTPA id A0FE21708C; Thu, 23 Jan 2014 08:06:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hosed.org; s=default; t=1390493176; bh=CgBcbZMPLsLbOXZHYTVx+4XdVGHbYIKvXcNNIuMK0e0=; h=From:To:Cc:References:In-Reply-To:Subject:Date; b=IUcONSBKf9Gd6aiI6MNrf9xLpUNPjseyRmUqQhk3C19NMQdNe4neFh3OEF1qCqQXA lZ5Zh5HLPfsTLjrRF7LCP0Hk1GzFN2/Uw14SrEiRNtXSVTGBIYO6AYW7PbMy/fCZma e8dLFxPfXPPJ2/9DyjzXMfPVoAEigbFcpAW7n4aY=
From: <ietf@hosed.org>
Sender: "Jon Green" <jon@hosed.org>
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>
References: <52DD996F.3040708@cs.tcd.ie> <CAF4+nEHEWaSr3HMuGtQ=vQzuuhkTo2uNpedUTNgmT5NsWRsTfA@mail.gmail.com> <30316745-8091-46AD-95A1-407757489FF9@vpnc.org> <1737731959.20140122185149@gmail.com> <03f201cf17ee$e34ccbf0$a9e663d0$@hosed.org> <52E0E77E.5020800@cs.tcd.ie>
In-Reply-To:
Date: Thu, 23 Jan 2014 08:06:16 -0800
Message-ID: <04e701cf1855$0c2594b0$2470be10$@hosed.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQG3sdi2ZRq1Hpg6dXIL/pF6U42SYgGC9VecARNdWnIB1CvuGgLUDWy9AkHNKyYCxa4095pfFe4Q
Content-Language: en-us
Cc: dsfjdssdfsd@ietf.org
Subject: Re: [dsfjdssdfsd] evaluating stuff (was: Re: Any plans for drafts or discussions on here?)
X-BeenThere: dsfjdssdfsd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <dsfjdssdfsd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dsfjdssdfsd>, <mailto:dsfjdssdfsd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dsfjdssdfsd/>
List-Post: <mailto:dsfjdssdfsd@ietf.org>
List-Help: <mailto:dsfjdssdfsd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dsfjdssdfsd>, <mailto:dsfjdssdfsd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2014 16:06:19 -0000

What I thought the topic was originally about was providing guidance to
developers on dealing with randomness, should they choose to do that.  My
point was only that there are valid reasons a developer might be forced to
deal with randomness rather than depend on the OS, and public-sector
certification is one such reason.

I know it sounds like paper pushing, but the people writing Common Criteria
profiles really are trying to get vendors to do the right thing.  They are
also open to feedback from the vendor and developer community, and within
the last year the CC community has started "technical communities" which are
open to participation from anyone - for just that purpose.  So if they are
doing the wrong thing, there is an opportunity to correct them.

In the case of entropy specifically, if you believe what is written here:
https://www.niap-ccevs.org/pp/pp_nd_v1.1-add3.pdf
...it has done some good.  By simply requiring vendors to think about the
problem, it got them to uncover deficiencies and make improvements.  BTW
this is a useful document to read to understand what the government folks
are going after when it comes to entropy.

But back to your question:

>So - how important is it that any new work in the IETF on
>this topic be consistent with a requirement for implementations
>to be evaluated via such schemes?

Not important.  The government certification people mandate that vendors
implement IETF standards, not the other way around.  Sometimes they pick
subsets - for example "Product SHALL implement TLS 1.2, but only with
specific ciphersuites (things based on various combinations of AES, RSA,
ECDSA, ECDHE, etc.)"  But no, I don't think we should let their requirements
drive standards activity.

-Jon


--
Jon Green
jon@hosed.org
http://www.hosed.org


-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
Sent: Thursday, January 23, 2014 1:57 AM
To: ietf@hosed.org; 'Krisztián Pintér'
Cc: dsfjdssdfsd@ietf.org
Subject: evaluating stuff (was: Re: [dsfjdssdfsd] Any plans for drafts or
discussions on here?)


(Great to see the discussion re-started, but I guess we can
afford more than one subject line:-)

On 01/23/2014 03:54 AM, ietf@hosed.org wrote:
> Those of us who deal with FIPS 140 and Common Criteria are now being asked
> to document entropy sources,

First, my sympathies for having to deal with that.

But I do wonder to what extent we're finding such evaluations
really useful. I know they are formal form-filling requirements
in various contexts, but I'm not so sure I'm that comfortable
treating them as a first order requirement when it comes to
things we do in the IETF.

I have seen a number of credible arguments that such schemes,
as applied to crypto implementations, are actually counter-
productive.

So - how important is it that any new work in the IETF on
this topic be consistent with a requirement for implementations
to be evaluated via such schemes?

My take would be that that's not hugely important and should
lose out to "doing the right thing," but given that some folks
do need to suffer such evaluations, we should think about 'em
but treat any evaluation-scheme-specific requirements only as
nice-to-have level requirements.

I expect vendors who are forced into doing it might disagree
though.

S.