Re: [Sframe] John Scudder's No Objection on draft-ietf-sframe-enc-07: (with COMMENT)
Richard Barnes <rlb@ipv.sx> Wed, 03 April 2024 15:39 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C072C14F5F6 for <sframe@ietfa.amsl.com>; Wed, 3 Apr 2024 08:39:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.893
X-Spam-Level:
X-Spam-Status: No, score=-1.893 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QDeFuSHdtpHK for <sframe@ietfa.amsl.com>; Wed, 3 Apr 2024 08:39:54 -0700 (PDT)
Received: from mail-il1-x136.google.com (mail-il1-x136.google.com [IPv6:2607:f8b0:4864:20::136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C761C14F5F8 for <sframe@ietf.org>; Wed, 3 Apr 2024 08:39:48 -0700 (PDT)
Received: by mail-il1-x136.google.com with SMTP id e9e14a558f8ab-368a97b31d1so27893105ab.0 for <sframe@ietf.org>; Wed, 03 Apr 2024 08:39:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20230601.gappssmtp.com; s=20230601; t=1712158787; x=1712763587; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Nj9NiGmJP7QrDIifAAd6RekDyINKSrGskE3ldZCQlzc=; b=lpKUir4p2TRp+SCAoNJNrQQNf3M34hhx9BBkU32AvHHcUyQAHw2lkBLK2O2sMJR3Oi XICtZTftwVvwuncA9NaVsNkBimY+WQWoLM1VvMiB//tNdAaKn9MJpOAtKI5CUjEOyQKX npTk98xZTiWPS7lP0YexIamufeTTwpq4C8I/apvn9mcDy6RIuEMaZJRyJdXhUBCqyDrw 9Q2aqRQeEOhFcEJAPyhPNC8i4JYKKmGdzw4vIqq+BcoubT61jtmpur/HcL0A9dWJvI4q MQ4pgD1VLANWLh+VGRuLM0T9GeEWN515gUYZRQ5aWGCcuA5mtIDd2WfQwFHZ1vo7sw4V MRSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712158787; x=1712763587; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Nj9NiGmJP7QrDIifAAd6RekDyINKSrGskE3ldZCQlzc=; b=LQE1eCgMRaVG45K0Uqsw15F8ZkttjbSJhuNTTBo/0TdynhZVNB70OIZf7UOpgNSwSR ZdAASCXbbVo0SZJcXM33kfZQceoihKZ8gTK4HMU3fH3c7v0RbPISo0ONckCLq05RJaAz ST6w7MJgiKdr60dddYrXAS1SxmRW4d47ai2ld3NqOZgdQ4LlFIK0SxDfOQlP+2LI0WAg HtjPqPS1uAgjC88rsf7MOWEUseExDP18LCh00k4g+SR5gq8xsJSOkcNt/tW5S5DduPKh DAyC1T+bQQfxITjJiA1taVRu+UOlkkdIv5X0cS73ECfCgVN6MnkDXj4R/6b89BkMBQh6 9OPA==
X-Forwarded-Encrypted: i=1; AJvYcCUenvMz1mbyx478Nut0StRAxrCTa54tijSMO/foyFQuB8PT9d5fyp76b1Qgm+0q+BySb8E2XNU5Cg//nkDnfPw=
X-Gm-Message-State: AOJu0YwQxL1j22A+pI4Tv9qap0YnzZIXsgpe7FWe4jY6s3TDzfkPsTR0 pWwn8Byp7WLjPq6g0c5zb/5bCYgF2gm+JgaQaBW2Ilfud7AjUh7Bp1Q80a09cw8ZLNU1RLlo91Z UBqjrLF1bNucc6VvFbFdn5sqhTDQ3CYSN+2TIxp10kTg+XCmYg54=
X-Google-Smtp-Source: AGHT+IGuM0Bi71uHWc23U0mW+iy09IEhavcBBlWpSL0UILa5kuKFe7RtJs20vuY8l+Hr+nALjiGjYBScGQDWMgavUXE=
X-Received: by 2002:a05:6e02:3882:b0:369:bb06:82e8 with SMTP id cn2-20020a056e02388200b00369bb0682e8mr8674074ilb.30.1712158787274; Wed, 03 Apr 2024 08:39:47 -0700 (PDT)
MIME-Version: 1.0
References: <171215449244.43146.5206581136717668242@ietfa.amsl.com>
In-Reply-To: <171215449244.43146.5206581136717668242@ietfa.amsl.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Wed, 03 Apr 2024 11:39:36 -0400
Message-ID: <CAL02cgRGF0un9Cd+xyRTyaNojgE+YqU_W8TdQ1jDStjL_YO-Ew@mail.gmail.com>
To: John Scudder <jgs@juniper.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-sframe-enc@ietf.org, sframe-chairs@ietf.org, sframe@ietf.org, mt@lowentropy.net
Content-Type: multipart/alternative; boundary="00000000000050af59061533084a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/ra0s-A7v9hMM2XBQpgSKj6wc4CQ>
Subject: Re: [Sframe] John Scudder's No Objection on draft-ietf-sframe-enc-07: (with COMMENT)
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2024 15:39:59 -0000
Hi John, Thanks for taking a look. Re "external" - Fair point. To elaborate a little, the objective here is to prevent timing attacks by a few potential classes of attacker: Network attackers, the SFU, other endpoints, or other software on the subject endpoint. Network attackers are constrained by the HBH protection we assume exists. Endpoints are unlikely to get high-resolution timing measurements. The SFU has the ability to send the endpoint synthesized ciphertexts within the HBH channel, as well as a more direct connection to the endpoint that would facilitate good timing measurement. Similar story for other software on the host. The high-level message, though, is that `SFrameContext::decrypt()` should be a constant-time operation, irrespective of whether the decryption is successful or not. I think the current text is close enough to capture that, but would be open to clarifying further. Re compressed CTR representation -- You're correct that the 3-bit CTR representation is not that useful, and in fact, it used to not exist (that field was always CLEN). We changed it so that you could use the same logic to process both KID and CTR: https://github.com/sframe-wg/sframe/pull/140 Cheers, --Richard On Wed, Apr 3, 2024 at 10:28 AM John Scudder via Datatracker < noreply@ietf.org> wrote: > John Scudder has entered the following ballot position for > draft-ietf-sframe-enc-07: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sframe-enc/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks for this document. To the extent I’m qualified to review it, I > found it > clear, comprehensive, and readable. I have a minor comment and a trivial > question. > > Comment: > > “Invalid ciphertexts SHOULD be discarded in a way that is > indistinguishable (to > an external observer) from having processed a valid ciphertext.” > > This might be clear to someone within your ecosystem, but I wonder what > exactly > is meant by “external” here. I infer it means an observer without any > access to > a system that’s participating in the conference, because otherwise, I > don’t see > how this requirement could be met (consider the case where the discarded > ciphertext is a keyframe, for example). > > Whether this calls for clarification or not is up to you. > > Question: > > I also wonder as to the practical value of the compressed CTR > representation — > I would have imagined that most use cases would emit more than 8 > plaintexts, > and for that matter, if there are 8 or fewer plaintexts to be emitted over > the > lifetime of the KID, the application is so low-volume that maybe the > optimization doesn’t buy you much as compared to, say, adding another bit > to > the compressed KID field. > > But this is just idle curiosity, even if the answer was “yeah, it’s not > that > useful” I wouldn’t advocate changing the encoding at this late date. > > > >
- [Sframe] John Scudder's No Objection on draft-iet… John Scudder via Datatracker
- Re: [Sframe] John Scudder's No Objection on draft… Richard Barnes
- Re: [Sframe] John Scudder's No Objection on draft… John Scudder
- Re: [Sframe] John Scudder's No Objection on draft… Richard Barnes