Re: [saag] SSH & Ntruprime
Paul Wouters <paul.wouters@aiven.io> Tue, 16 April 2024 15:31 UTC
Return-Path: <paul.wouters@aiven.io>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E3F7C14CE3B for <saag@ietfa.amsl.com>; Tue, 16 Apr 2024 08:31:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b3gPzUHBmBLl for <saag@ietfa.amsl.com>; Tue, 16 Apr 2024 08:31:25 -0700 (PDT)
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35140C14CF18 for <saag@ietf.org>; Tue, 16 Apr 2024 08:31:25 -0700 (PDT)
Received: by mail-ed1-x52b.google.com with SMTP id 4fb4d7f45d1cf-5701dec0c0aso3248085a12.3 for <saag@ietf.org>; Tue, 16 Apr 2024 08:31:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; t=1713281483; x=1713886283; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=bYCntFlFYFC5M+PVN/chLW1k2Hh/ROEL6q3KoIEoj5E=; b=JSXfoSwf8vdoiJkfvZ/KYPTPUIgOxp+5VXy6tZFUcZjl2r4KuVnTsD3ItalFMkxg1P vdwMqyjOnNzBy/gEfJsDaCYkRxvvHmh6sJEQZqn8MV3MjU0TrQs0L6886AbNnvvWcTuZ w6KEv/Rg4uN5UGxdsg08TmjA1qTd7NoUmovMQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713281483; x=1713886283; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=bYCntFlFYFC5M+PVN/chLW1k2Hh/ROEL6q3KoIEoj5E=; b=AzPS3ggDttBC2bUQnkPcCNOqsBTZLdi7Yf+lngFBn5B9+XJzz3Sqvts/AEnBdjjjix Fi9Ye5rOLEMip7k3JjE4xkHqsKjyFWzN9blK1EE3RYowbkw5x/UalTkf9l62ROnsnIVl pGTYfHvCF+X1aSpcrglsI2OsQWXXe5G0/7bkG2pKKzTYPxdMkrc1P8JS0KLcC8zov2IW U980bwNLg4/64JzIsA3N5eBsy9dsH5V7Eb2TWsgsbQLLYhaaUCxN7qzpqjeLc/ulmWnI P8rCG7DD7nZGZUtQxxssE7zK3OuCSqjKF47VjnIl3J9+JyJRZhUSYn9jTRxgK619U8qk tZHQ==
X-Gm-Message-State: AOJu0YzyzyMX/Mi9PI1FjdcCBHfjP9DEL7swXkyKKn+JM1+wugVIkFhG T0Af7fKr1lX49U+YVq9gfMGLt0+n6Ll50E+/9oR9GP0aGCpKBGaF0IpowfReG8kf22b/qg0/ssk YUV3A3qggIr+1bZVv9HtJUl8I3xE00VRnICrqqsxRCbKth9+CRDE=
X-Google-Smtp-Source: AGHT+IFMoSHTIGvQvClCMqX/nfa2E2xhg3e5VaOUg8JUNwsU40YO+ICgz9V6cDaJCLNvwoOIHqULuhzUCJ/qnFlgnUU=
X-Received: by 2002:a17:907:2ce5:b0:a51:cbd5:1fb5 with SMTP id hz5-20020a1709072ce500b00a51cbd51fb5mr11100091ejc.36.1713281483219; Tue, 16 Apr 2024 08:31:23 -0700 (PDT)
MIME-Version: 1.0
References: <CAGL5yWbdAD31-cA15MACTq5OF=iZPU7qAGKfKJoPy3zNio=cnA@mail.gmail.com> <20240415224218.119548.qmail@cr.yp.to>
In-Reply-To: <20240415224218.119548.qmail@cr.yp.to>
From: Paul Wouters <paul.wouters@aiven.io>
Date: Tue, 16 Apr 2024 11:31:11 -0400
Message-ID: <CAGL5yWZRMJAWifEz9qxSRpkhv44B+_6PzoX9c5GGVpjJ2OWuHQ@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="00000000000035b4a40616386eee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/pPAoER3NkUfKnQlSz8BtGMr6xMU>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2024 15:31:29 -0000
On Mon, Apr 15, 2024 at 6:42 PM D. J. Bernstein <djb@cr.yp.to> wrote: > Paul Wouters writes: > > Should the IETF really recommend a dropped candidate at this stage? > > Yes. IETF policy prefers algorithms with no known patent claims. BCP 79 > does not authorize delegating IETF's patent-related decisions to NIST. > A BCP does not authorize or not authorize anything. You keep quoting IPR policy without putting it in the proper context. It deals with protocols developed within the IETF, eg during the working group process. The process for deciding on cryptography is a separate process with separate concerns, specifically because the IETF does not consider itself to be a full blown academic community capable of evaluating all cryptography. * While I agree that the review did make technical comments regarding > an issue beyond sntrup (the choice of combiner), those comments are > not even marginally consistent with how combiners are being handled > elsewhere in IETF and IRTF. (In case readers are interested in the > details, see postscript below.) > The IETF uses the CFRG and the Crypto Panel to inform itself on matters related to cryptography. I believe that consensus process should not be bypassed by the individual AD Sponsoring mechanism. More to the point, my description of the review had nothing whatsoever > to do with the identity of the reviewer, so it wasn't an ad-hominem > attack. Please withdraw your claim to the contrary. > I stand by my view that your statement calling the Crypto Panel Review "political" was unsubstantiated. I believe they handled the IETF process properly and objectively within the constrains of the IETF process. > > Some people prefer to not engage with you due to previous negative > > experiences with your method of discussion. > > Now _that's_ an ad-hominem attack. Please (1) apologize and (2) keep > yourself under control in the future. Thanks in advance. > I understood this was a possible reply to my clarification, but unfortunately I was in a difficult position. I could either withhold the information and be accused non-transparency, or I could disclose the limited information and be told it is an ad-hominem attack. I choose the more transparent option, so that others could use their own judgement based on their own knowledge along with their judgement based on my own personality traits. Thanks in advance for understanding the choice I made. Also, have you considered the possibility that the conclusions in those > conversations come from underlying errors that would be corrected if the > arguments were raised in public? Look at the above "scrutiny" claim: > it's the sort of error that can easily be repeated because it _sounds_ > reasonable, but transparency allows the claim to be rapidly debunked. > No, I have confidence in the claims. Furthermore, this discussion itself has been extremely aggressive and unpleasant and not inductive of cooperation. Indeed, if I were not an AD and felt it was required of my role to discuss, I would have silently disengaged a while ago. As stated before, I am not willing to AD sponsor a document using cryptography that is not recommended by CFRG. I believe it is prudent that getting an RFC number follows the IETF practices and policies. It is what gives RFC numbers its value to the community. It is not up to me individually to override that process. The SSH IANA registry policies were updated recently by RFC 9519 from IETF Review to Expert Review. You do not require an RFC to obtain an NTRUprime entry in the IANA SSH Key Exchange Registry. You can engage with the Designated Experts of the SSH registries: https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml If you believe these is additional value in getting an IETF assigned RFC number, you would obviously agree that is value comes from its proven track record in the past for following its own process and policies. The process related to cryptography in the IETF might be discussed and clarified at the next IETF meeting in Vancouver due to other items that have come up in the last year. You are welcome to attend like any other IETF participant via paid registration for the IETF 120 conference. This email ends my involvement in the discussion regarding AD Sponsorship of this document. Paul
- [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Harry Halpin
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Jan-Frederik Rieckers
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Melinda Shore
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Ira McDonald
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Christian Huitema
- Re: [saag] SSH & Ntruprime Russ Housley
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Mark Baushke (ietf)
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime StJohns, Michael
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Deb Cooley
- Re: [saag] SSH & Ntruprime Christian Huitema
- Re: [saag] SSH & Ntruprime Simon Josefsson