IETF Logo Mail Archive

Re: [saag] SSH & Ntruprime

Paul Wouters <paul.wouters@aiven.io> Tue, 16 April 2024 15:31 UTC

Return-Path: <paul.wouters@aiven.io>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E3F7C14CE3B for <saag@ietfa.amsl.com>; Tue, 16 Apr 2024 08:31:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b3gPzUHBmBLl for <saag@ietfa.amsl.com>; Tue, 16 Apr 2024 08:31:25 -0700 (PDT)
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35140C14CF18 for <saag@ietf.org>; Tue, 16 Apr 2024 08:31:25 -0700 (PDT)
Received: by mail-ed1-x52b.google.com with SMTP id 4fb4d7f45d1cf-5701dec0c0aso3248085a12.3 for <saag@ietf.org>; Tue, 16 Apr 2024 08:31:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; t=1713281483; x=1713886283; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=bYCntFlFYFC5M+PVN/chLW1k2Hh/ROEL6q3KoIEoj5E=; b=JSXfoSwf8vdoiJkfvZ/KYPTPUIgOxp+5VXy6tZFUcZjl2r4KuVnTsD3ItalFMkxg1P vdwMqyjOnNzBy/gEfJsDaCYkRxvvHmh6sJEQZqn8MV3MjU0TrQs0L6886AbNnvvWcTuZ w6KEv/Rg4uN5UGxdsg08TmjA1qTd7NoUmovMQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713281483; x=1713886283; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=bYCntFlFYFC5M+PVN/chLW1k2Hh/ROEL6q3KoIEoj5E=; b=AzPS3ggDttBC2bUQnkPcCNOqsBTZLdi7Yf+lngFBn5B9+XJzz3Sqvts/AEnBdjjjix Fi9Ye5rOLEMip7k3JjE4xkHqsKjyFWzN9blK1EE3RYowbkw5x/UalTkf9l62ROnsnIVl pGTYfHvCF+X1aSpcrglsI2OsQWXXe5G0/7bkG2pKKzTYPxdMkrc1P8JS0KLcC8zov2IW U980bwNLg4/64JzIsA3N5eBsy9dsH5V7Eb2TWsgsbQLLYhaaUCxN7qzpqjeLc/ulmWnI P8rCG7DD7nZGZUtQxxssE7zK3OuCSqjKF47VjnIl3J9+JyJRZhUSYn9jTRxgK619U8qk tZHQ==
X-Gm-Message-State: AOJu0YzyzyMX/Mi9PI1FjdcCBHfjP9DEL7swXkyKKn+JM1+wugVIkFhG T0Af7fKr1lX49U+YVq9gfMGLt0+n6Ll50E+/9oR9GP0aGCpKBGaF0IpowfReG8kf22b/qg0/ssk YUV3A3qggIr+1bZVv9HtJUl8I3xE00VRnICrqqsxRCbKth9+CRDE=
X-Google-Smtp-Source: AGHT+IFMoSHTIGvQvClCMqX/nfa2E2xhg3e5VaOUg8JUNwsU40YO+ICgz9V6cDaJCLNvwoOIHqULuhzUCJ/qnFlgnUU=
X-Received: by 2002:a17:907:2ce5:b0:a51:cbd5:1fb5 with SMTP id hz5-20020a1709072ce500b00a51cbd51fb5mr11100091ejc.36.1713281483219; Tue, 16 Apr 2024 08:31:23 -0700 (PDT)
MIME-Version: 1.0
References: <CAGL5yWbdAD31-cA15MACTq5OF=iZPU7qAGKfKJoPy3zNio=cnA@mail.gmail.com> <20240415224218.119548.qmail@cr.yp.to>
In-Reply-To: <20240415224218.119548.qmail@cr.yp.to>
From: Paul Wouters <paul.wouters@aiven.io>
Date: Tue, 16 Apr 2024 11:31:11 -0400
Message-ID: <CAGL5yWZRMJAWifEz9qxSRpkhv44B+_6PzoX9c5GGVpjJ2OWuHQ@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="00000000000035b4a40616386eee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/pPAoER3NkUfKnQlSz8BtGMr6xMU>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2024 15:31:29 -0000

On Mon, Apr 15, 2024 at 6:42 PM D. J. Bernstein <djb@cr.yp.to> wrote:

> Paul Wouters writes:
> > Should the IETF really recommend a dropped candidate at this stage?
>
> Yes. IETF policy prefers algorithms with no known patent claims. BCP 79
> does not authorize delegating IETF's patent-related decisions to NIST.
>

A BCP does not authorize or not authorize anything. You keep quoting IPR
policy
without putting it in the proper context. It deals with protocols developed
within
the IETF, eg during the working group process. The process for deciding on
cryptography is a separate process with separate concerns, specifically
because
the IETF does not consider itself to be a full blown academic community
capable
of evaluating all cryptography.

   * While I agree that the review did make technical comments regarding
>      an issue beyond sntrup (the choice of combiner), those comments are
>      not even marginally consistent with how combiners are being handled
>      elsewhere in IETF and IRTF. (In case readers are interested in the
>      details, see postscript below.)
>

The IETF uses the CFRG and the Crypto Panel to inform itself on matters
related to cryptography. I believe that consensus process should not be
bypassed by the individual AD Sponsoring mechanism.

More to the point, my description of the review had nothing whatsoever
> to do with the identity of the reviewer, so it wasn't an ad-hominem
> attack. Please withdraw your claim to the contrary.
>

I stand by my view that your statement calling the Crypto Panel Review
"political" was unsubstantiated. I believe they handled the IETF process
properly and objectively within the constrains of the IETF process.


> > Some people prefer to not engage with you due to previous negative
> > experiences with your method of discussion.
>
> Now _that's_ an ad-hominem attack. Please (1) apologize and (2) keep
> yourself under control in the future. Thanks in advance.
>

I understood this was a possible reply to my clarification, but
unfortunately I
was in a difficult position. I could either withhold the information and be
accused non-transparency, or I could disclose the limited information and
be told it is an ad-hominem attack. I choose the more transparent option,
so that others could use their own judgement based on their own knowledge
along with their judgement based on my own personality traits. Thanks in
advance
for understanding the choice I made.

Also, have you considered the possibility that the conclusions in those
> conversations come from underlying errors that would be corrected if the
> arguments were raised in public? Look at the above "scrutiny" claim:
> it's the sort of error that can easily be repeated because it _sounds_
> reasonable, but transparency allows the claim to be rapidly debunked.
>

No, I have confidence in the claims. Furthermore, this discussion itself
has been
extremely aggressive and unpleasant and not inductive of cooperation.
Indeed, if
I were not an AD and felt it was required of my role to discuss, I would
have silently
disengaged a while ago.

As stated before, I am not willing to AD sponsor a document using
cryptography that is
not recommended by CFRG. I believe it is prudent that getting an RFC number
follows
the IETF practices and policies. It is what gives RFC numbers its value to
the community.
It is not up to me individually to override that process.

The SSH IANA registry policies were updated recently by RFC 9519 from IETF
Review to
Expert Review. You do not require an RFC to obtain an NTRUprime entry in
the IANA SSH
Key Exchange Registry. You can engage with the Designated Experts of the
SSH registries:
https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml

If you believe these is additional value in getting an IETF assigned RFC
number, you would
obviously agree that is value comes from its proven track record in the
past for following its
own process and policies. The process related to cryptography in the IETF
might be discussed
and clarified at the next IETF meeting in Vancouver due to other items that
have come up in
the last year. You are welcome to attend like any other IETF participant
via paid registration for
the IETF 120 conference.

This email ends my involvement in the discussion regarding AD Sponsorship
of this document.

Paul

v2.23.0 | Report a Bug | By Email