Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

Yoav Nir <ynir.ietf@gmail.com> Tue, 02 October 2018 22:30 UTC

Cc: Paul Wouters <paul@nohats.ca>, Security Area Advisory Group <saag@ietf.org>
To: Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/zHEd8DsOjWAAYPCQW3IfnCF4vz0>


> On 3 Oct 2018, at 1:07, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> On Wed, Oct 03, 2018 at 01:02:55AM +0300, Yoav Nir wrote:
>> 
>> 
>>> On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:
>>> 
>>> On Tue, 2 Oct 2018, Salz, Rich wrote:
>>> 
>>>> *  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes 
>>>> *  along with "first class" algorithms. 
>>>> TLS has moved to “doc required”  Not “RFC required.”  And added a column that says whether it is “recommended” or “no comment.”  This seems like it will work out well.
>>> 
>>> Similarly, for IKE/IPsec, the IANA registries are Expert Review, not "RFC required"
>> 
>> Right. So if SAAG (or the IESG) can guide the designated experts about national crypto, that would be great.
>> 
>> Suppose (and this is just an example) the Russian government would like to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has an AEAD mode defined, so it can be used. They have several options:
>> 1. They can publish a document on gostperevod.com <http://gostperevod.com/> and ask IANA to register the Kuznyechik AEAD in the TLS registries.
>> 2. They can publish a draft (in addition to #1) and then ask IANA to register the Kuznyechik AEAD in the TLS registry while asking the RFC editor to publish.
>> 3. They can publish on gostperevod.com <http://gostperevod.com/> and tell everyone to squat on (0x13, 0x79).
>> 
>> I think we can all agree that #3 is a bad outcome, but that is what they will do if IANA won’t allocate identifiers.
>> 
>> IMO #1 is good enough, provided we can get guidance from SAAG or the IESG to recommend such registration.
>> 
>> It should be noted that a line should be drawn somewhere. I think a nation state with serious cryptographers such as Russia should get a code point for its national crypto.  I think someone who has come up with a great new algorithm that he totally cannot break should not get a code point. Somewhere between these two extremes the line should be drawn. The question is where?
> 
> That's a question for the corresponding registry's Designated Experts,

Right. Which is why I’m asking.

> presumably.  RFC 8447 gives guidance to the experts (for the ciphersuite
> registry):
> 
>   Note:  The role of the designated expert is described in RFC 8447.
>      The designated expert [RFC8126] ensures that the specification is
>      publicly available.  It is sufficient to have an Internet-Draft
>      (that is posted and never published as an RFC) or a document from
>      another standards body, industry consortium, university site, etc.
>      The expert may provide more in-depth reviews, but their approval
>      should not be taken as an endorsement of the cipher suite.
> 
> which seems to push the Experts towards being pretty generous about
> approving codepoint requests.  I would be surprised if #1 above was
> controversial

As soon as it’s about national (or “vanity”) crypto, it becomes controversial. Even if it isn’t, I’d like people’s opinions as to where to draw the line.

> (but, to be clear, would welcome a conversation with the
> experts if needed; I'm not trying to force anyone's hand).
> 
> -Ben