Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

Benjamin Kaduk <kaduk@mit.edu> Tue, 02 October 2018 22:07 UTC

Date: Tue, 02 Oct 2018 17:07:20 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: Paul Wouters <paul@nohats.ca>, Security Area Advisory Group <saag@ietf.org>
Message-ID: <20181002220720.GD56675@kduck.kaduk.org>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/GrFSgkaOYA9fZ8fk6XmXhwwS9Fw>

On Wed, Oct 03, 2018 at 01:02:55AM +0300, Yoav Nir wrote:
> 
> 
> > On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:
> > 
> > On Tue, 2 Oct 2018, Salz, Rich wrote:
> > 
> >> *  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes 
> >> *  along with "first class" algorithms. 
> >> TLS has moved to “doc required”  Not “RFC required.”  And added a column that says whether it is “recommended” or “no comment.”  This seems like it will work out well.
> > 
> > Similarly, for IKE/IPsec, the IANA registries are Expert Review, not "RFC required”
> 
> Right. So if SAAG (or the IESG) can guide the designated experts about national crypto, that would be great.
> 
> Suppose (and this is just an example) the Russian government would like to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has an AEAD mode defined, so it can be used. They have several options:
> 1. They can publish a document on gostperevod.com <http://gostperevod.com/> and ask IANA to register the Kuznyechik AEAD in the TLS registries.
> 2. They can publish a draft (in addition to #1) and then ask IANA to register the Kuznyechik AEAD in the TLS registry while asking the RFC editor to publish.
> 3. They can publish on gostperevod.com <http://gostperevod.com/> and tell everyone to squat on (0x13, 0x79).
> 
> I think we can all agree that #3 is a bad outcome, but that is what they will do if IANA won’t allocate identifiers.
> 
> IMO #1 is good enough, provided we can get guidance from SAAG or the IESG to recommend such registration.
> 
> It should be noted that a line should be drawn somewhere. I think a nation state with serious cryptographers such as Russia should get a code point for its national crypto.  I think someone who has come up with a great new algorithm that he totally cannot break should not get a code point. Somewhere between these two extremes the line should be drawn. The question is where?

That's a question for the corresponding registry's Designated Experts,
presumably.  RFC 8447 gives guidance to the experts (for the ciphersuite
registry):

   Note:  The role of the designated expert is described in RFC 8447.
      The designated expert [RFC8126] ensures that the specification is
      publicly available.  It is sufficient to have an Internet-Draft
      (that is posted and never published as an RFC) or a document from
      another standards body, industry consortium, university site, etc.
      The expert may provide more in-depth reviews, but their approval
      should not be taken as an endorsement of the cipher suite.

which seems to push the Experts towards being pretty generous about
approving codepoint requests.  I would be surprised if #1 above was
controversial (but, to be clear, would welcome a conversation with the
experts if needed; I'm not trying to force anyone's hand).

-Ben