Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 04 October 2018 12:38 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: iPhone Mail (15E216)
In-Reply-To: <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com>
Date: Thu, 04 Oct 2018 08:38:17 -0400
Cc: Benjamin Kaduk <kaduk@mit.edu>, Paul Wouters <paul@nohats.ca>, saag@ietf.org
Content-Transfer-Encoding: 7bit
Message-Id: <AA52667D-A058-4EE1-A982-5C3529F96671@gmail.com>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <20181002220720.GD56675@kduck.kaduk.org> <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/DPZ3DEK6uTJWzu3wLjl0h_3yQMU>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00


> On Oct 4, 2018, at 12:44 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> 
> 
>> On Tue, Oct 2, 2018 at 3:07 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
>> On Wed, Oct 03, 2018 at 01:02:55AM +0300, Yoav Nir wrote:
>> > 
>> > 
>> > > On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:
>> > > 
>> > > On Tue, 2 Oct 2018, Salz, Rich wrote:
>> > > 
>> > >> *  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes 
>> > >> *  along with "first class" algorithms. 
>> > >> TLS has moved to “doc required”, not “RFC required.”  And added a column that says whether it is “recommended” or “no comment.”  This seems like it will work out well.
>> > > 
>> > > Similarly, for IKE/IPsec, the IANA registries are Expert Review, not “RFC required”.
>> > 
>> > Right. So if SAAG (or the IESG) can guide the designated experts about national crypto, that would be great.
>> > 
>> > Suppose (and this is just an example) the Russian government would like to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has an AEAD mode defined, so it can be used. They have several options:
>> > 1. They can publish a document on gostperevod.com <http://gostperevod.com/> and ask IANA to register the Kuznyechik AEAD in the TLS registries.
>> > 2. They can publish a draft (in addition to #1) and then ask IANA to register the Kuznyechik AEAD in the TLS registry while asking the RFC editor to publish.
>> > 3. They can publish on gostperevod.com <http://gostperevod.com/> and tell everyone to squat on (0x13, 0x79).
>> > 
>> > I think we can all agree that #3 is a bad outcome, but that is what they will do if IANA won’t allocate identifiers.
>> > 
>> > IMO #1 is good enough, provided we can get guidance from SAAG or the IESG to recommend such registration.
>> > 
>> > It should be noted that a line should be drawn somewhere. I think a nation state with serious cryptographers such as Russia should get a code point for its national crypto.  I think someone who has come up with a great new algorithm that he totally cannot break should not get a code point. Somewhere between these two extremes the line should be drawn. The question is where?
>> 
>> That's a question for the corresponding registry's Designated Experts,
>> presumably.  RFC 8447 gives guidance to the experts (for the ciphersuite
>> registry):
>> 
>>    Note:  The role of the designated expert is described in RFC 8447.
>>       The designated expert [RFC8126] ensures that the specification is
>>       publicly available.  It is sufficient to have an Internet-Draft
>>       (that is posted and never published as an RFC) or a document from
>>       another standards body, industry consortium, university site, etc.
>>       The expert may provide more in-depth reviews, but their approval
>>       should not be taken as an endorsement of the cipher suite.
>> 
>> which seems to push the Experts towards being pretty generous about
>> approving codepoint requests.  I would be surprised if #1 above was
>> controversial (but, to be clear, would welcome a conversation with the
>> experts if needed; I'm not trying to force anyone's hand).
> 
> Speaking as an individual, not AD.
> 
> My understanding of the intent of the current rules for TLS was to grant code points as long as there was a document describing the cipher suite, even if the DEs thought the algorithms were silly or potentially insecure.
> 
> The reasoning here was that having code points marked Not Recommended was better than having people squatting.

Agreed.  There was consensus on this choice as well in the TLS WG.

Kathleen 

> 
> -Ekr
> 
>> 
>> -Ben
>> 
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag