Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06

[Russ Housley <housley@vigilsec.com>]

Barry:

I think the only point is that someone might want to use an algorithm for OS that would otherwise be deprecated.

Maybe the IESG can discuss this point on the call tomorrow and offer some advice.

Russ


On Sep 2, 2015, at 6:06 PM, Barry Leiba wrote:

> (Responding to the thread in general, not to VIktor's note in particular.)
> 
> I honestly don't see why this issue is relevant to agility at all, and
> I would just strike the mention altogether, as I don't think it
> affects the point that we need to have the ability to change
> algorithms baked into the protocol and designed into the software.
> 
> The point of OS is to negotiate the best security we can, and be
> willing to accept a certain minimal security level, where the
> definition of what's minimally acceptable will change from one
> situation to another.
> 
> Algorithm agility can help us achieve that, and that might be worth
> saying.  But whether in a particular OS situation we care willing to
> negotiate something that we'd otherwise consider deprecated is a
> question unto itself, not one that guidance on algorithm agility needs
> to discuss.
> 
> Barry
> 
> On Wed, Sep 2, 2015 at 12:01 AM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
>> On Tue, Sep 01, 2015 at 11:09:23PM -0400, Kathleen Moriarty wrote:
>> 
>>> I think the proposed text is a lot better than what was there and I think
>>> there is consensus around it.  Once you get more specific, then you are
>>> moving away from what was agreed upon in the OS draft.  Doing that would
>>> require quite a bit more discussion.
>>> 
>>> The proposed text reads well to me and keeps us more consistent - use of
>>> weaker crypto for OS is limited to legacy deployments and is not okay for
>>> authenticated and encrypted sessions for OS, just unauthenticated.  If
>>> you have a proposal for text that keeps within the space where I think we
>>> have consensus, then I'm okay with change otherwise I'm not.  It might
>>> take reading through this draft and the OS RFC, once that has been done,
>>> this text makes sense... Reading big through the discussion on this over
>>> the past week or so may help as well.
>> 
>> I am not saying the proposed text is wrong on its substance, rather
>> I am a somewhat concerned about what seems to be misplaced emphasis.
>> I think Sam agrees along essentially the same lines.
>> 
>> I've not suggested a specific remedy, just throwing ideas out there
>> and hoping they might be useful.
>> 
>> In part I don't think I should be the only one doing all the
>> explaining of OS, it is best if others can make additional
>> contributions to the formulation of a refined consensus in this
>> area.
>> 
>> It would I think be better to note that OS (when unauthenticated
>> and provies only passive protection) is not fundamentally about
>> use of weaker crypto.  Rather it is about doing as much better than
>> cleartext as one can, and agility is helpful, but more quickly on
>> the uptake of new algos than deprecation of legacy algos, because
>> interop considerations and avoiding cleartext trump the urgency of
>> deprecating weak crypto.
>> 
>> That said, that's just how I see it, and I don't want force my
>> formulation on everyone else, so if there are other ways to improve
>> the text (change of emphasis) that's fine.
>> 
>> --
>>        Viktor.
>> 
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag