Re: [saag] AD review of draft-iab-crypto-alg-agility-06

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 25 August 2015 15:26 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80C351B3507 for <saag@ietfa.amsl.com>; Tue, 25 Aug 2015 08:26:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z7PDzbAfwN1U for <saag@ietfa.amsl.com>; Tue, 25 Aug 2015 08:26:38 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41E661B34F4 for <saag@ietf.org>; Tue, 25 Aug 2015 08:26:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1440516398; x=1472052398; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=CXViOqMvxj+29zj/PXxnkgjdBA7PQum2SX4EKcAUh4E=; b=PYP0ezEgrZ8EDhzeFp3wiMA2bQ6nHP8u/Qj48W2PcngzyjMhk+aWqzCo mupNAN3xdoTsqjZpvOV96oN5p4I9DnGvMLrc0ihLVcS2PYUUho8WU+ZvS FzQaNHp45QTRnUtVwEJvLV7DNPj/rT0Njqln0P7WZlk+momUUdvsi0eY+ isenOw0wg9WCHuIyMiQqiswQ69N/T5HAM3lJdyTJ5sGayzmspvqHN6dmR qbsd7f6V78gAu4nF0gq4+FrLtpX2ZEr78IeuNad9id/t4GaqsWypg+bjc Hjh7knqGyeTAin+W+v/iYP7R+6y4kDDpgh7yfKK4A6dly0RpIqWZwlESi g==;
X-IronPort-AV: E=Sophos;i="5.15,746,1432555200"; d="scan'208";a="37612108"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.125 - Outgoing - Outgoing
Received: from uxchange10-fe3.uoa.auckland.ac.nz ([130.216.4.125]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 26 Aug 2015 03:26:36 +1200
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.48]) by uxchange10-fe3.UoA.auckland.ac.nz ([169.254.143.234]) with mapi id 14.03.0174.001; Wed, 26 Aug 2015 03:26:36 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] AD review of draft-iab-crypto-alg-agility-06
Thread-Index: AQHQ3qvbT9ZhMqG4SESDb9hHYel1Rp4a4U6AgAAA+wCAAAUHgIABabjA//+gh4CAAN1rEP//PI8AgADLuuI=
Date: Tue, 25 Aug 2015 15:26:35 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4AE66D2@uxcn10-5.UoA.auckland.ac.nz>
References: <20150728013020.GO4347@mournblade.imrryr.org> <DM2PR0301MB0655CF099FA7C56E9B9D24A9A88D0@DM2PR0301MB0655.namprd03.prod.outlook.com> <20150728053035.GR4347@mournblade.imrryr.org> <CAHbuEH7B3_G9vAhw=U2tuz-Uh8mKMUfL6s=H+BOG96FDZaACig@mail.gmail.com> <20150824212907.GN9021@mournblade.imrryr.org> <619ffebb05ba4e2a9af03a6dcc768d6e@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150824215037.GO9021@mournblade.imrryr.org> <9A043F3CF02CD34C8E74AC1594475C73F4AE62A1@uxcn10-5.UoA.auckland.ac.nz> <20150825134333.GX9021@mournblade.imrryr.org> <9A043F3CF02CD34C8E74AC1594475C73F4AE6693@uxcn10-5.UoA.auckland.ac.nz>, <20150825151632.GF9021@mournblade.imrryr.org>
In-Reply-To: <20150825151632.GF9021@mournblade.imrryr.org>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/5LTzbHGc3BR_arOBhPDJLEsTueA>
Subject: Re: [saag] AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Aug 2015 15:26:40 -0000

Viktor Dukhovni <ietf-dane@dukhovni.org>; writes:

>I concur, but am a bit worried about low entropy at system build time.

Better to have at least low-entropy keys than no-entropy keys, which is the
alternative when users don't (or can't) generate keys themselves post-
install...

(The low-entropy issue is also largely a hypothetical one, in that people
worry about it without doing much measuring.  When I evaluated it, admittedly
many years ago, I found there was actually more entropy available after
something like a system restart because of all the nondeterminism introduced
by the boot process.  Same with provisioning embedded devices, if you generate
the keys externally on a high-entropy system when you're loading the firmware
onto a limited device you're getting better entropy than if you generated them
on-device.  In any case though, anything is better than fixed private keys,
which far too many systems use).

Peter.