IETF Logo Mail Archive

Re: [secdir] [Cfrg] ISE seeks help with some crypto drafts

Watson Ladd <watsonbladd@gmail.com> Sun, 10 March 2019 02:56 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3777512008A; Sat, 9 Mar 2019 18:56:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SOlRRSn0UFpn; Sat, 9 Mar 2019 18:56:12 -0800 (PST)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 613BB1275E9; Sat, 9 Mar 2019 18:56:12 -0800 (PST)
Received: by mail-lf1-x130.google.com with SMTP id p1so989311lfk.9; Sat, 09 Mar 2019 18:56:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+70s/FrxjUFD9qkdn4BQ4W3R67SG3FLltUeWgaSsaSY=; b=BnUmXVKFpSTRprFC50+igtE+VEMrGJ8EFxCmlmAaPWHmvgZt+gj+W2w3GjDSYzl0eF 9i+b5BAGFqfrnuMOzZe7NwtlS3OxsRmHWKWFc8CbYpbMP0tGlW0CVQhAYCEYFwjfomea uuLDoe8VRv69gNRbsRmZk8Qgnpmy0ZymqU1CwyHgY79jhkPs8Uh4ZKFgobweiIfJ/858 ixWv7qrnixJYZdoSkjEnwLEcjyHlIh/cQTyJrr5+CeKvcvwCg/lTcej1eIGX2Dl5/ZxO cnKhUXup2RKkH+uPcrDTwujWzUMeYFZrQtkfw5CEqTMN8VEQFgZu48k8S2Y4E4kVtOYG 6LnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+70s/FrxjUFD9qkdn4BQ4W3R67SG3FLltUeWgaSsaSY=; b=mpU+6cEH59oPMTNfy9EU/cVa1g9BSCEKSapjOPB5SHQUOHIdYgZxQqLcxwpwKXfVBj x0t3TK0Y5lZp3N9ikEEsvu3Ws6GKXlssymv+vt+eNtIxrXimY1deU96DF11dIqaqnUqb YaE+HUSzWmnBfwMFMSMFILdKx+DpDIKc75Y6bfnL1P3PyoIFHFJPwdv+G+nXxmfO6aZv qsoDDSX9xgtR50u4x0puJIwaM/7DWUNTwE3M8m8XTZB5dPNK7Wl7/SNTJzvb39Aoc5TR gTiuNqvua7OceOWH4Zw2vv7H0oZ8TfSczKT5dESZXdUX68sSFZ6aXh0boxzdAOgmGDPD O86g==
X-Gm-Message-State: APjAAAUZovi26DXGuX5KWRCMyArpLFIuEJj3L6C3Y2i4swR+pEs3QzrQ 5LovjWwZxOqaEietxdls8Kwsc5YgdTp+4IOBGkE=
X-Google-Smtp-Source: APXvYqwOKpz13brzh4jHwHKn68SxoDgymaJvcC8Warv+UBqLVHc0nDNeTxjTHDZHUbhlxZFZG2SceTlJHU5OD83blwg=
X-Received: by 2002:a19:2c52:: with SMTP id s79mr14089399lfs.32.1552186570362; Sat, 09 Mar 2019 18:56:10 -0800 (PST)
MIME-Version: 1.0
References: <1d8de489fc976b63a911573300a431d4.squirrel@www.amsl.com> <EDCE0340-E79A-4464-B4A6-F539C694601C@akamai.com> <B536DE62-B202-4484-91AE-DDF7C3DD9503@gmail.com> <F5A25573-D7B5-4F0A-AE7A-7ACF9D613C9C@ericsson.com> <CAHOTMVJSazerng82T7LGZqQ9H5ODrLOacKKYMXrqGYJ42sDm+A@mail.gmail.com> <38FEBE5B-B60E-49DD-B048-A8A08EBF7FB4@azet.org> <C99F53D2-FC9C-468E-BB02-2BE4B4BDE7A7@azet.org> <F6D6DE1B-DAD9-4F91-9420-B32F7DAC1C56@vpnc.org> <CAHOTMV+v2dtG_eHA41Xi5_HnTVaCb1sygppe0JMHiYzzG3ZYqg@mail.gmail.com> <alpine.LRH.2.21.1903091737380.29170@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1903091737380.29170@bofh.nohats.ca>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Sat, 09 Mar 2019 18:55:58 -0800
Message-ID: <CACsn0cma2brnBEboqi94jx6ndAw=T_QGaSZ=FOCK73a9ZNDN+A@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: Tony Arcieri <bascule@gmail.com>, trustees@ietf.org, CFRG <cfrg@irtf.org>, "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>, secdir <secdir@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000026d63d0583b499d6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/dQi2zbX7kS1djj0vUlwgvr4lrUI>
Subject: Re: [secdir] [Cfrg] ISE seeks help with some crypto drafts
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Mar 2019 02:56:16 -0000

On Sat, Mar 9, 2019, 6:47 PM Paul Wouters <paul@nohats.ca> wrote:

> On Sat, 9 Mar 2019, Tony Arcieri wrote:
>
> > Here is the specific wording he is suggesting:
> >
> >  "Phillip Rogaway offers a royalty-free non-exclusive license to all
> claims of the referenced patents needed to realize a fully compliant
> > implementation of any IETF standards-track protocol supporting AES-OCB
> (RFC 7253)."
> >
> > I think he's looking for guidance around how to properly phrase that if
> anyone has a more concrete suggestion for how to put it in the
> > form of an IPR statement.
>
> While this phrasing would solve the issues for some protocols, such as IKE
> and IPsec, it is still a request that the IETF publish a cryptographic
> standard that cannot be freely used. The IETF normally does not do that
> unless there are exceptional reasons to do so. It would be good to see
> thse reasons written up for evaluation.
>
> It would be problematic too if someone using an RFC wouldn't realise
> their use of this standard would be in violation of Mr. Rogaway's IPR.
>
> I also believe allowing OCB for only TLs in the past was a mistake we
> should not repeat in a slightly different form by covering a few more
> protocols.
>
> Note also RFC 3979:
>
> https://tools.ietf.org/html/rfc3979#section-8
>
>     Over the last few years the IETF has adopted stricter requirements
>     for some security technologies.  It has become common to have a
>     mandatory-to-implement security technology in IETF technology
>     specifications.  This is to ensure that there will be at least one
>     common security technology present in all implementations of such a
>     specification that can be used in all cases.  This does not limit the
>     specification from including other security technologies, the use of
>     which could be negotiated between implementations.  An IETF consensus
>     has developed that no mandatory-to-implement security technology can
>     be specified in an IETF specification unless it has no known IPR
>     claims against it or a royalty-free license is available to
>     implementers of the specification unless there is a very good reason
>     to do so.
>
> As the IETF has been moving towards reducing the number of algorithms,
> it would not make sense to promote a new algorithm that can never become
> mandatory-to-implement.
>

I read the above differently: the specification it refers to is not of OCB
but the IETF protocol which the IP statement clearly permits royalty free
usage and hence OCB is acceptable.

>
> Maybe it would be good to involve the IETF Trust in this matter?


> Paul
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>

v2.23.0 | Report a Bug | By Email