Re: [openpgp] Proposed Patch to RFC4880bis to reserve two public key numbers

"Derek Atkins" <derek@ihtfp.com> Thu, 07 July 2016 11:21 UTC

Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1D2D12D74A for <openpgp@ietfa.amsl.com>; Thu, 7 Jul 2016 04:21:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z4KGAc92nIlt for <openpgp@ietfa.amsl.com>; Thu, 7 Jul 2016 04:21:47 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB44D12D73F for <openpgp@ietf.org>; Thu, 7 Jul 2016 04:21:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id D4437E2043; Thu, 7 Jul 2016 07:21:31 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 14487-07; Thu, 7 Jul 2016 07:21:28 -0400 (EDT)
Received: by mail2.ihtfp.org (Postfix, from userid 48) id 97F65E2042; Thu, 7 Jul 2016 07:21:28 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1467890488; bh=PKXPHxgx3uamK1ygudROFF+veRNnkYoIqC5qaMvVh1Q=; h=In-Reply-To:References:Date:Subject:From:To:Cc; b=NnCjKnh1ixE+WSb5QIxBHLVKU+OnsIMUMQk5JvhX+PCGlZvrrLOWHs2yweaR9iTDA BdUZO4dYk3Oq/P/YLQE56ZWOa38Aey0J7tCO+WuzJt7lJIefJER2Vnuwl2Ryn8D1N7 2Ubmi4GO3pkEq9vScIwLq/cUJwmpS9eswFlrAMBw=
Received: from 192.168.248.159 (SquirrelMail authenticated user warlord) by mail2.ihtfp.org with HTTP; Thu, 7 Jul 2016 07:21:28 -0400
Message-ID: <ebf6638c5749b3d4b6a971f2191f67d5.squirrel@mail2.ihtfp.org>
In-Reply-To: <577E1F99.9050000@cs.tcd.ie>
References: <sjmfuuoymp8.fsf@securerf.ihtfp.org> <sjmr3b6pceb.fsf@securerf.ihtfp.org> <87vb0iotil.fsf@wheatstone.g10code.de> <577E1F99.9050000@cs.tcd.ie>
Date: Thu, 7 Jul 2016 07:21:28 -0400
From: "Derek Atkins" <derek@ihtfp.com>
To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/7NuIjLnKmgpZZTI89PG8BotHlvU>
Cc: openpgp@ietf.org, Derek Atkins <derek@ihtfp.com>
Subject: Re: [openpgp] Proposed Patch to RFC4880bis to reserve two public key numbers
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2016 11:21:49 -0000

Hi,

On Thu, July 7, 2016 5:23 am, Stephen Farrell wrote:
[snip]
>
> I forget if this cfrg posting [1] on AE was made visible here
> or not. Apologies if this is repetitive but that posting from
> Kenny Paterson on 20151113 seems quite relevant as it says:
>
> "
> My colleague Simon Blackburn and his collaborators have just
> published an attack on the Algebraic Eraser scheme, breaking the
> scheme at the designers' claimed 128-bit security level. Their
> attack recovers the shared key using 8 CPU hours and 64MB of
> memory. Their paper is here:
>
>    http://arxiv.org/abs/1511.03870

And there was a paper published in response to this:

http://arxiv.org/abs/1601.04780

> With no hats, I'd be against adding an algorithm, even as an
> option, if there are current serious questions about it's real
> security level. I do get the arguments for and against, but in
> such cases am against adding codepoints where there is no way
> to flag the codepoint as "likely dangerous" or some other
> similarly negative/scary warning. And while it's good to go to
> the effort to deprecate old codepoints that are now likely
> dangerous, I don't see that it's a good idea to add new ones
> "born" in that state.

Note again that it's just reserving the number; it's completely
underspecified.

[snip]

> Putting my AD hat back on: if the WG do reach consensus to
> add such codepoints, then when it comes time to publish, I'll
> be looking back to the list to ensure that consensus was very
> clear on the list. For the AE ones, that's clearly happening
> via this thread which is fine process-wise, assuming more folks
> opine and the chairs declare consensus. I'm just noting that
> so we ensure the same clarify if there are other similarly
> contentious codepoint requests in order to avoid having to
> revisit stuff at publication time.

Frankly, we are already using code point 23 in production. I grabbed that
point years ago when I wrote the original I-D and posted it here (in
coordination with Werner, who grabbed 22 for EdDSA), well before this WG
reopened.  I doubt there will be a large contingent looking to implement
it, which is fine.  But I'd like to make sure nobody else uses that code
point.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant