Re: [saag] A case against algorithm agility (long)

ianG <iang@iang.org> Mon, 05 May 2014 18:57 UTC

Message-ID: <5367DF22.6010003@iang.org>
Date: Mon, 05 May 2014 19:57:38 +0100
From: ianG <iang@iang.org>
To: Nico Williams <nico@cryptonector.com>
References: <53650F27.6040607@iang.org> <CAK3OfOhGCKPrYzhC46EVAnro6_FEsNVt16Gzx3Ds3zfR2wznOA@mail.gmail.com> <5367C9DC.10009@iang.org> <CAK3OfOgtg8aOJoVRzWpXgrTgM4MMAg=AKw4XQrmw4vqL92Om6Q@mail.gmail.com>
In-Reply-To: <CAK3OfOgtg8aOJoVRzWpXgrTgM4MMAg=AKw4XQrmw4vqL92Om6Q@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/saag/8wh7LkmXAGtdPRDXsOCwSn57EK0
Cc: "saag@ietf.org" <saag@ietf.org>

On 5/05/2014 19:14 pm, Nico Williams wrote:
> On Mon, May 5, 2014 at 12:26 PM, ianG <iang@iang.org> wrote:
>> Meet the draft:
>>
>> https://datatracker.ietf.org/doc/draft-iab-crypto-alg-agility/?include_text=1
>>
>> Especially 2.1:
>>
>>    Some approaches carry one identifier for each algorithm that is used.
>>    Other approaches carry one identifier for a suite of algorithms.
>>    Either approach is acceptable; however, designers are encouraged to
>>    pick one of these approaches and use it consistently throughout the
>>    protocol.
> 
> The I-D is a bit barebones at this time -- that tends to be the case
> with -00s...  It certainly needs to expand on the details of algorithm
> negotiation quite a bit.  In particular it should say that one should
> not design protocols to negotiate ciphers and cipher modes separately.
>  Text on the pros/cons of a-la-carte vs. cartesian product negotiation
> would be handy.


Right.  I suppose it could be read either way, and I read it the other way.


> ISTR presentations to SAAG about algorithm agility that could be
> leveraged here.  IIRC it was EKR who presented.


Hmmm, anyone have the refs?


> Nico
> 
> 
> PS: There was no need to post that long screed.  It would have been
> better to focus on the cipher-and-mode matter first, especially if you
> don't object to a-la-carte negotiation in general.  Long rambling
> rants can be a bit of a DoS on the community.  Try to keep it shorter.
>  Edit, edit, edit until you have a concise post.


I was briskly told to make the case, get to the back of the queue ;)



iang