IETF Logo Mail Archive

Re: [Gen-art] Gen-ART Last Call review of draft-iab-crypto-alg-agility-07.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 02 September 2015 20:48 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 055901B4322; Wed, 2 Sep 2015 13:48:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wUEbi4yzed81; Wed, 2 Sep 2015 13:48:07 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6EC21B42E7; Wed, 2 Sep 2015 13:48:06 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id CD3B5BE47; Wed, 2 Sep 2015 21:48:04 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EwlFpaNbYWBO; Wed, 2 Sep 2015 21:48:03 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.42.21.56]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 8F1EBBE53; Wed, 2 Sep 2015 21:48:02 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1441226882; bh=qZytqac0H1hp5HsyFtK8XgUiyK0zURE8jBd+IlFMVuk=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=FePCDqbhBAm9YbuPzr3fJCiZjpIYBlXtYCSBwALACeR8nFCegOylzKc1IMM4aUJRf NkRJHmQUEgJpG6cP+41aC8Xb4o22YrUDs2VVDLzqbnBhP7sc+pmk//YKlr84EY44k7 qqSYLQuevgEmVwTjhfEniEuALB2LmlaphiCqzxZs=
To: Jari Arkko <jari.arkko@piuha.net>, Suresh Krishnan <suresh.krishnan@ericsson.com>
References: <E87B771635882B4BA20096B589152EF63A8C9181@eusaamb107.ericsson.se> <B3AB6849-3274-423D-B508-34B93E0B4A1C@vigilsec.com> <E87B771635882B4BA20096B589152EF63A8EBB57@eusaamb107.ericsson.se> <E5D74485-1ABD-4E6E-A86A-A8C72649EAB3@piuha.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <55E76081.4040007@cs.tcd.ie>
Date: Wed, 02 Sep 2015 21:48:01 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <E5D74485-1ABD-4E6E-A86A-A8C72649EAB3@piuha.net>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="bvolACD3JXcAquHkr5HTp11cn26oW4065"
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/BxqnyQi7oJ8wJennz5P1_Gli0z8>
Cc: "draft-iab-crypto-alg-agility.all@ietf.org" <draft-iab-crypto-alg-agility.all@ietf.org>, General Area Review Team <gen-art@ietf.org>
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-iab-crypto-alg-agility-07.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 20:48:10 -0000

Russ and Suresh have a discussion going on, that I think is almost
resolved. In any case I'll make sure that stuff is handled before
we send to RFC editor. (There are a couple of other threads that'll
result in minor changes too.)

Cheers,
S.

On 02/09/15 20:04, Jari Arkko wrote:
> Suresh, thanks for the review again! Russ, Suresh had some further questions. I’d like to deal with them before the draft gets finally approved, which might happen tomorrow.
> 
> Jari
> 
> On 02 Sep 2015, at 06:40, Suresh Krishnan <suresh.krishnan@ericsson.com> wrote:
> 
>> Hi Russ,
>>   Thanks for addressing the comments. Your suggested changes look good.
>> I have one clarification and one additional text change request inline.
>>
>> On 09/01/2015 07:41 PM, Russ Housley wrote:
>>> Suresh:
>>>
>>> Thanks for the review.
>>>
>>>> Summary: The draft is almost ready for publication as a BCP but I do
>>>> have some comments you may wish to address.
>>>>
>>>> Minor
>>>> =====
>>>>
>>>> * Section 1
>>>>
>>>> Not sure what becomes more feasible in this sentence. I am assuming that
>>>> it is an attack becoming more feasible. If so, suggest rewording to
>>>> something like.
>>>>
>>>> OLD:
>>>>
>>>> As new cryptanalysis techniques are developed and computing capabilities
>>>> improve, the work factor to break a particular cryptographic algorithm
>>>> will reduce, becoming more feasible for more attackers.
>>>>
>>>> NEW:
>>>>
>>>> As new cryptanalysis techniques are developed and computing capabilities
>>>> improve, the work factor to break a particular cryptographic algorithm
>>>> will reduce, thus making it more susceptible to attackers.
>>>
>>> Does this resolve your concern?  I have provided the whole paragraph because it pulls in some discussion from the SAAG list as well.
>>>
>>>    Cryptographic algorithms age; they become weaker with time.  As new
>>>    cryptanalysis techniques are developed and computing capabilities
>>>    improve, the work required to break a particular cryptographic
>>>    algorithm will reduce, making an attack on the algorithm more
>>>    feasible for more attackers.  While it is unknown how cryptoanalytic
>>>    attacks will evolve, it is certain that they will get better.  It is
>>>    unknown how much better they will become, or when the advances will
>>>    happen.  Advances in computing power available to the attacker will
>>>    eventually make any algorithm obsolete.  For this reason, protocols
>>>    need mechanisms to migrate from one algorithm suite to another over
>>>    time.
>>
>> Sounds good.
>>
>>>
>>>> * Section 2.6
>>>>
>>>> Would it be useful to put in a recommendation here to use strongest
>>>> possible algorithms/suites and longest possible keys for such long lived
>>>> trust anchor certificates?
>>>
>>> I thought about that, but I was concerned that we would see silly key sizes.  I am aware of an attack that was mounted against a very well known site where the attacker provided bogus certificates that were signed with public keys that were 50,000+ bits long.  The attacker sent these over and over, until each of the servers in the data center were dong nothing but public key operations.  There were two fixes.  First, put a limit on the key size.  Second, validate the certificate before doing any operations with the embedded public key.  So, your suggestion is in violation to one part of the fix.
>>>
>>> For performance, you want keys that are long enough to be safe and secure, perhaps with some margin, but not overkill.  I hope Section 2.7 already makes this point.
>>
>> Makes sense.
>>
>>>
>>>> * Section 3.4
>>>>
>>>> The default server or
>>>>    responder configuration SHOULD disable such algorithms
>>>
>>> I do not understand this comment.
>>
>> This text seems to be at odds with the earlier statement that
>>
>> "Some nations specify cryptographic algorithms, and then require their
>> use through legislation or regulations"
>>
>> It would be nice to clarify.
>>
>>>
>>>> * Security considerations
>>>>
>>>> The reference to RFC5166 seems to be wrong and talks about evaluation of
>>>> congestion control mechanisms. Just randomly searching through the RFC
>>>> index led to me to RFC5116 that seems to be about authentication
>>>> encryption algorithms. If this is the correct reference, it needs to be
>>>> fixed in both this section and in the references section.
>>>
>>> Oops.  It should reference RFC 5116.
>>
>> Great.
>>
>>>
>>>
>>>> Editorial
>>>> =========
>>>>
>>>> * The document is missing a Table of contents. The ID guidelines
>>>> recommends a Table of Contents for drafts that are longer than 15 pages.
>>>
>>> I added a Table of Contents.
>>>
>>>> * Section 1
>>>>
>>>> s/one or more algorithm identifier/one or more algorithm identifiers/
>>>
>>> Fixed.
>>
>> OK.
>>
>>>
>>>> * Section 2
>>>>
>>>> OLD:
>>>> one or more algorithm or suite identifier
>>>>
>>>> NEW:
>>>> one or more algorithm or suite identifiers
>>>
>>> If you are talking about Section 2.1, this has been rewritten based on another comment:
>>>
>>>    IETF protocols that make use of cryptographic algorithms MUST support
>>>    one or more algorithm or suite.  The protocol MUST include a
>>>    mechanism to identify the algorithm or suite that is being used.
>>
>> s/one or more algorithm or suite/one or more algorithms or suites/
>>
>>>
>>>> * Section 2.2
>>>>
>>>> OLD:
>>>> one or more strong mandatory-to-implement algorithm or suite
>>>>
>>>> NEW:
>>>> one or more strong mandatory-to-implement algorithm or suites
>>>
>>> Fixed.
>>
>> OK.
>>
>>>
>>>> * Section 3.1
>>>>
>>>> s/The IETF has alway/The IETF has always/
>>>
>>> Fixed.
>>
>> OK.
>>
>>>
>>>> s/as well as meeting/and should also meet/
>>>
>>> How about:
>>>
>>>    The selected
>>>    algorithms need to be resistant to side-channel attacks and also meet
>>>    the performance, power, and code size requirements on a wide variety
>>>    of platforms.
>>
>> Great.
>>
>>>
>>>
>>>> s/depending of the population/depending on the population/
>>>
>>> Fixed.
>>
>> Great.
>>
>> Thanks
>> Suresh
>>
>>
>> _______________________________________________
>> Gen-art mailing list
>> Gen-art@ietf.org
>> https://www.ietf.org/mailman/listinfo/gen-art
>

v2.23.0 | Report a Bug | By Email