IETF Logo Mail Archive

[lamps] Re: WG Last Call for draft-ietf-lamps-kyber-certificates-07

"D. J. Bernstein" <djb@cr.yp.to> Fri, 10 January 2025 21:14 UTC

Return-Path: <djb-dsn2-1406711340.7506@cr.yp.to>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A3B6C151073 for <spasm@ietfa.amsl.com>; Fri, 10 Jan 2025 13:14:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4_15fFDFvZha for <spasm@ietfa.amsl.com>; Fri, 10 Jan 2025 13:14:10 -0800 (PST)
Received: from salsa.cs.uic.edu (salsa.cs.uic.edu [131.193.32.108]) by ietfa.amsl.com (Postfix) with SMTP id 4A97DC14CF17 for <spasm@ietf.org>; Fri, 10 Jan 2025 13:14:10 -0800 (PST)
Received: (qmail 22236 invoked by uid 1010); 10 Jan 2025 21:14:09 -0000
Received: from unknown (unknown) by unknown with QMTP; 10 Jan 2025 21:14:09 -0000
Received: (qmail 100778 invoked by uid 1000); 10 Jan 2025 21:13:57 -0000
Date: Fri, 10 Jan 2025 21:13:57 -0000
Message-ID: <20250110211357.100776.qmail@cr.yp.to>
From: "D. J. Bernstein" <djb@cr.yp.to>
To: spasm@ietf.org
Mail-Followup-To: spasm@ietf.org, sob@harvard.edu
In-Reply-To: <F8EBA92E-B9A6-4149-9A0F-EDE82A782317@vigilsec.com>
Message-ID-Hash: JGLIW4J5F4HA3GWRUE27PYVMMJUBO7NX
X-Message-ID-Hash: JGLIW4J5F4HA3GWRUE27PYVMMJUBO7NX
X-MailFrom: djb-dsn2-1406711340.7506@cr.yp.to
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-spasm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: sob@harvard.edu
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [lamps] Re: WG Last Call for draft-ietf-lamps-kyber-certificates-07
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/U5pf3tPaBsmY4sth36bJg9gpGL4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Owner: <mailto:spasm-owner@ietf.org>
List-Post: <mailto:spasm@ietf.org>
List-Subscribe: <mailto:spasm-join@ietf.org>
List-Unsubscribe: <mailto:spasm-leave@ietf.org>

Russ Housley writes:
> there are no IPR disclosures, including third-party IPR disclosures,
> against this document

Here's the BCP 79 rule I quoted: "An IETF consensus has developed that
no mandatory-to-implement security technology can be specified in an
IETF specification unless it has no known IPR claims against it or a
royalty-free license is available to implementers of the specification."

This says "no known IPR claims". It isn't limited to claims for which
the disclosure procedures of the document were followed.

> This is not a mandator-to-implement algorithm.  If one chooses to
> implement this specification, then that implementer will obviously
> need to implement ML-KEM.

That makes the algorithm mandatory to implement.

> Implementation of this specification is
> completely voluntary, even if it is published as a standards-track RFC.

The rule is for "mandatory-to-implement security technology ... in an
IETF specification".

Replacing this with "security technology ... in an IETF specification
that something else mandates implementing" would make the rule useless:
a new spec isn't required by anything yet.

More to the point, that isn't what the rule says. The question isn't
whether something external is mandating the spec; the question is
whether the patented technology is mandated by the spec.

> The IETF does have change control over this specification, but it does
> not have change control over ML-KEM.

So anyone who wants to violate the BCP 79 requirement of change control
can simply factor the part that IETF can't change into an external spec,
and still have IETF mandate usage of that spec? No need for agreements
such as RFC 1790 and RFC 2339! This evasion is completely undermining
the purpose and effect of IETF having change control.

> If a problem is ever discovered with ML-KEM, then the IETF will have
> two choices.  The IETF can work with NIST to resolve the problem, or
> the IETF can deprecate the use of ML-KEM.

One could equally well argue, for any X where IETF doesn't have change
control, that IETF can handle a problem with X by trying to resolve the
problem or by deprecating the use of X.

The users who trusted IETF and deployed X have an easier time deploying
a tweak to X than deploying something completely different. This puts
the patent holder in a perfect position to make money, charging everyone
for the privilege of using a tweak for X.

This is contrary to the whole idea of avoiding patented technology.
Sure, the money-making happens only when X turns out to be flawed, but
flaws are found in IETF specs all the time. This is incentivizing patent
holders to allow IETF free usage of specific options, betting (or maybe
even knowing) that users will want tweaks later. IETF should be avoiding
this trap and instead putting effort into patent-free alternatives.

Anyway, these discussions of the merits of IETF change control are not
what matters for this WGLC. What matters is that BCP 79 is IETF policy
and requires change control for anything on the standards track.

---D. J. Bernstein

v2.46.0 | Report a Bug | By Email | System Status