[saag] Re: The curve mess, and lessons for more crypto

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 08 September 2024 16:04 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Watson Ladd <watsonbladd@gmail.com>, IETF SAAG <saag@ietf.org>
List-Id: Security Area Advisory Group <saag.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/xFiSFVqrzuOXJv9iYroRbG6iF_g>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag>

Watson Ladd <watsonbladd@gmail.com> wrote:
    > For the past 9 years we've all tried to forget the fiasco that was the
    > process leading up to the publication of RFC 7745. It ruined several
    > collegial relationships: I understand some people don't talk to each

I didn't know it was that bad.

    > To my mind the fundamental lesson is that the IETF/IRTF consensus
    > model does not do well when one proposal must win. Furthermore, as we
    > aren't the protocol police, winning doesn't actually do much to
    > advance what happens or change the Internet. Therefore we should avoid
    > having contests and choose to let participants in the ecosystem decide
    > what of several equivalent proposals will survive. This suggests being
    > much more lax about WGs introducing crypto proposals and selecting
    > them than some views I've heard expressed, because we really cannot
    > effectively say no, and saying "only one must survive" does a lot of
    > damage.

As a consumer of CFRG and NIST opinions, I am not sure I agree with the many
flowers in the field view of things.  (There is a more precise quote from
Scott Bradner, going back to when he was an AD)

    > Now, I want to treat lightly and not ascribe positions to people they
    > don't actually hold, but I've seen people say no, CFRG should continue
    > to bless winners/we should defer to NIST. Working groups shouldn't
    > adopt drafts calling for cryptography outside of that. Or at least
    > that's my understanding of what's been discussed, not just in regards
    > to SSH but also in regards to the future of CFRG. And I see the issue
    > with snakeoil and wanting to bring some degree of clarity to complex
    > decisions about what to do, but I think that this cure is worse than
    > the disease.

I think that I agree: this cure is worse.

I also think that we shouldn't elevate NIST to a position above other
national standards bodies.  "First among equals" perhaps.
Companies that want to sell to us.gov will need to pay attention to NIST, and
naturally we should have code points.


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide