Re: [secdir] Secdir review of draft-ietf-karp-crypto-key-table-08.txt

Uri Blumenthal <uri@MIT.EDU> Fri, 09 August 2013 12:28 UTC

Return-Path: <uri@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5A1F21F9EFF; Fri, 9 Aug 2013 05:28:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.203
X-Spam-Level:
X-Spam-Status: No, score=-2.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JYyvwBgjv9i7; Fri, 9 Aug 2013 05:28:51 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) by ietfa.amsl.com (Postfix) with ESMTP id C67BB21F9E9A; Fri, 9 Aug 2013 05:28:44 -0700 (PDT)
X-AuditID: 1209190c-b7fac8e000006335-14-5204e07b093e
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id 53.92.25397.B70E4025; Fri, 9 Aug 2013 08:28:43 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id r79CSf19006603; Fri, 9 Aug 2013 08:28:42 -0400
Received: from [192.168.1.108] (chostler.hsd1.ma.comcast.net [24.62.227.134]) (authenticated bits=0) (User authenticated as uri@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id r79CSb39012732 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Fri, 9 Aug 2013 08:28:39 -0400
References: <7E1636E02F313F4BA69A428B314B77C708CA7638@xmb-aln-x12.cisco.com> <9D8F4DC5-30E2-4E21-B28C-C44DA6105A5F@vigilsec.com> <tsl61vhwl0b.fsf@mit.edu> <7E1636E02F313F4BA69A428B314B77C708CAF367@xmb-aln-x12.cisco.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <7E1636E02F313F4BA69A428B314B77C708CAF367@xmb-aln-x12.cisco.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <70181507-3E70-4DED-9E74-2F61CBF63F50@mit.edu>
X-Mailer: iPad Mail (10B329)
From: Uri Blumenthal <uri@MIT.EDU>
Date: Fri, 9 Aug 2013 08:28:39 -0400
To: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprOKsWRmVeSWpSXmKPExsUixCmqrFv9gCXIYP03Noudf6ewWMz0tJjx ZyKzxdlfTBYfFj5kcWD1mPJ7I6vHkiU/mTxmf2tl9Phy+TNbAEsUl01Kak5mWWqRvl0CV0b3 j1fsBXcFK1Zs2cvUwDiVr4uRk0NCwESi6V4HE4QtJnHh3nq2LkYuDiGBfYwSl6etZwdJCAls YJQ4/ykCwt7LJPHmPxdE0W1GiU8nrrB2MXJw8AqIS1w96ANSwyngK3HrWx87SJhZQEdi8kJG kDCzgLbEsoWvmUFsXgEriZYVH9hBxjALvGOU2LrzOiPEETISm7c/BtvLJqAk0dy8hRXEFhbw k/g3bT+YzSKgItG89i3Y0SJAD+xe9oltAqPgLIQrZiFsnoVk8wJG5lWMsim5Vbq5iZk5xanJ usXJiXl5qUW6hnq5mSV6qSmlmxjBYS7Js4PxzUGlQ4wCHIxKPLwntjAHCbEmlhVX5h5ilORg UhLllb/DEiTEl5SfUpmRWJwRX1Sak1p8iFGCg1lJhHf7BKAcb0piZVVqUT5MSpqDRUmc9+nT s4FCAumJJanZqakFqUUwWRkODiUJ3tL7QI2CRanpqRVpmTklCGkmDk6Q4TxAw+1AaniLCxJz izPTIfKnGHU5Js2d/4lRiCUvPy9VSpy3HaRIAKQoozQPbg4sPb1iFAd6S5hXDKSKB5ja4Ca9 AlrCBLRk+mGwJSWJCCmpBkYNM/myKZy5njPjbz9V2qj2Zxfv9p2itx7N2Pyp6vnS2WyyeyZ7 ewTyTzNTYbVXKNmXLL/jQ8/jPQERBi9m/L0kZmg7gW9PktahRwtnC0/K+FvaneFVmvnHbIOk SUPl8tbTFtJzZq966tRv9PycyZ3z6h3Zpf7OoSefKn5fqDbbJ+Ot7eQ7pWFKLMUZiYZazEXF iQDXUiUwKgMAAA==
Cc: Sam Hartman <hartmans@PAINLESS-SECURITY.COM>, "draft-ietf-karp-crypto-key-table.all@tools.ietf.org" <draft-ietf-karp-crypto-key-table.all@tools.ietf.org>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-karp-crypto-key-table-08.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Aug 2013 12:28:56 -0000

IMHO, yes - a KDF must be one-way. Including "key-stretcher" functions.

TNX!

Sent from my iPad

On Aug 9, 2013, at 4:48, "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>; wrote:

> Russ, Sam,
> 
> On Aug 7, 2013, at 5:58 PM, Sam Hartman <hartmans@PAINLESS-SECURITY.COM>; wrote:
> 
>>>>>>> "Russ" == Russ Housley <housley@vigilsec.com>; writes:
>> 
>>   Russ> Klaas: The property you describe depends on the inputs to the
>>   Russ> KDF, not just the definition of the function.
>> 
>>   Russ> Notice that an IANA registry is defined, and each entry should
>>   Russ> point to a definition of the function.
>> 
>> So, there are a couple of things.
>> There are functions that take a random bit string and convert them into
>> a key.  For example if you have 56 random bits and want a 64-bit
>> correct-parity DES key.
>> 
>> I don't have  a good name for such a function but it's not a KDF.
>> 
>> There are functions that take the output of key agreement (DH, ECDH,
>> etc) and convernt into a good symmetric key.  I've heard those described
>> as key expansion functions or KDFs.
>> 
>> There are functions that take one symmetric key and turn it into another
>> symmetric key so that you can construct a key hierarchy.  I've also seen
>> these described as KDFs.  It's probable that any function that's really
>> good at taking key agreement output as input and producing a strong key
>> will also be good enough  for establishing a key hierarchy.
>> 
>> I'm not aware of definitive definitions in this space, and I'm fairly
>> sure the text we added in 08 is what we mean for this document.
> 
> OK, I don't argue that this is what you need at all, so no argument there. The only question I raised is whether one-way is a necessary condition for each and every KDF. I would argue that key stretching not necessarily means one-way .
> 
> If you add "in this document" somewhere in the definition I'd be happy, if you don't, no big deal either.
> 
> Klaas
> 
> 
> 
> _______________________________________________
> secdir mailing list
> secdir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview