Re: [saag] AD sponsoring draft-josefsson-scrypt-kdf

Simon Josefsson <simon@josefsson.org> Wed, 12 August 2015 22:39 UTC

From: Simon Josefsson <simon@josefsson.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <559153E0.5050102@cs.tcd.ie> <55C932F6.7080203@cs.tcd.ie>
OpenPGP: id=54265E8C; url=http://josefsson.org/54265e8c.txt
Date: Thu, 13 Aug 2015 00:39:18 +0200
In-Reply-To: <55C932F6.7080203@cs.tcd.ie> (Stephen Farrell's message of "Tue, 11 Aug 2015 00:25:42 +0100")
Message-ID: <87y4hg9lnt.fsf@latte.josefsson.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/4rB5bIzP_CoXcbGimSw7QYPFYxM>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] AD sponsoring draft-josefsson-scrypt-kdf

Stephen Farrell <stephen.farrell@cs.tcd.ie> writes:

> With apologies to the author/shepherd, I forgot about this one;-(
>
> I'm going to start IETF last call now. My own comments below can
> be handled with any other last call comments.

Thank you!

The changes mentioned below are in this commit:
https://gitlab.com/jas/ietf-scrypt/commit/6f4f3335552528994ae326a4641b179d10a31e83#diff-1

> - intro: Maybe take a look at the intro to RFC7539. I think
> it does a good job of presenting the background (for a
> similar DJB production:-) so it might be worth seeing if
> there's anything you want to copy from that.

I have added some text inspired by this.

> - intro, para 1: some more references (or one ref to a
> survey paper) would be good

I suppose you mean references for the following?

DES-based UNIX Crypt-function,
FreeBSD MD5 crypt,
GNU SHA-256/512 crypt
Windows NT LAN Manager (NTLM) hash
Blowfish-based bcrypt

I can try to find some references.  Help is appreciated on what good
references for these would be; the FreeBSD/GNU/NTLM ones are proprietary
and may lack a good specification.  I did not make any change yet.

> - intro, para 2: "as Bernstein pointed out" requires a
> reference

I dropped this.  His NFS circuit integer factorization paper was
folklore 10 years ago but less so today.

> - section 13: whassup with that? why isn't the usual IETF
> boilerplate ok?

You can't copy text from RFCs into FOSS code.  Section 13 gives the
reader additional rights.  Similar boilerplate has been used in a couple
of RFCs already, and from what I understand it is not in conflict with
any IETF procedures.

> - section 16: saying the reader "must" follow crypto
> research is silly as you cannot ensure readers will do that
> (and you know they won't:-). I think you mean that if you
> don't keep up to date then you might miss out when issues
> are found with this algorithm. If so, saying so would be
> better.

I tried to rephrase it -- improvements welcome.

> - 17: I'm not sure the RFC editor will like references that
> only point to http://cr.yp.to/ or tarsnap.com. If you have
> better citations in addition that'd be good.

As far as I know, Salsa20 was not published at any conference or
journal, so there may not be any better references.

For the scrypt paper, maybe the conference homepage is better?  Instead
of tarsnap.com the scrypt paper would then be linked to this page:

https://www.bsdcan.org/2009/schedule/track/Hacking/147.en.html

I did not make this change yet.

/Simon