Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

Yoav Nir <ynir.ietf@gmail.com> Tue, 02 October 2018 22:03 UTC

Cc: Rich Salz <rsalz@akamai.com>, Security Area Advisory Group <saag@ietf.org>
To: Paul Wouters <paul@nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/pcTZmPwk_YHvvmgLdWYJc4JtTz0>


> On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:
> 
> On Tue, 2 Oct 2018, Salz, Rich wrote:
> 
>> *  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes 
>> *  along with "first class" algorithms. 
>> TLS has moved to “doc required”  Not “RFC required.”  And added a column that says whether it is “recommended” or “no comment.”  This seems like it will work out well.
> 
> Similarly, for IKE/IPsec, the IANA registries are Expert Review, not “RFC required”

Right. So if SAAG (or the IESG) can guide the designated experts about national crypto, that would be great.

Suppose (and this is just an example) the Russian government would like to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has an AEAD mode defined, so it can be used. They have several options:
1. They can publish a document on gostperevod.com <http://gostperevod.com/> and ask IANA to register the Kuznyechik AEAD in the TLS registries.
2. They can publish a draft (in addition to #1) and then ask IANA to register the Kuznyechik AEAD in the TLS registry while asking the RFC editor to publish.
3. They can publish on gostperevod.com <http://gostperevod.com/> and tell everyone to squat on (0x13, 0x79)

I think we can all agree that #3 is a bad outcome, but that is what they will do if IANA won’t allocate identifiers.

IMO #1 is good enough, provided we can get guidance from SAAG or the IESG to recommend such registration.

It should be noted that a line should be drawn somewhere. I think a nation state with serious cryptographers such as Russia should get a code point for its national crypto.  I think someone who has come up with a great new algorithm that he totally cannot break should not get a code point. Somewhere between these two extremes the line should be drawn. The question is where?

Yoav