Re: [tcpinc] Making ECDHE-Curve25519 the only MTI for tcpcrypt

"Black, David" <David.Black@dell.com> Tue, 17 October 2017 22:59 UTC

Return-Path: <David.Black@dell.com>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E01713319E for <tcpinc@ietfa.amsl.com>; Tue, 17 Oct 2017 15:59:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.501
X-Spam-Level:
X-Spam-Status: No, score=-5.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=KJSfzzpr; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=nB4cz6P5
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Z6Pw3Gci4lJ for <tcpinc@ietfa.amsl.com>; Tue, 17 Oct 2017 15:58:58 -0700 (PDT)
Received: from esa6.dell-outbound.iphmx.com (esa6.dell-outbound.iphmx.com [68.232.149.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E7F613318C for <tcpinc@ietf.org>; Tue, 17 Oct 2017 15:58:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1508281138; x=1539817138; h=from:cc:to:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=10T5geQdw5kFdwUYGTYP16Z07y8nTQw82AxVFnypD8I=; b=KJSfzzpr8Uxmj/nlbAGtnNADgkkeyaynRZt+UmWBw+zO0Hqi8zQe6dKm HfPBshrZygV0yvHnJhFbe+kI2poG1Rf9cH4caxvQZMX9IgDi20PAOW5tk Ga/p1wEHXcbsEIvSStoI8wCLhOtqCEO6yKxE4nO6saqc2cFXvEyy3bmEr 0=;
Received: from esa6.dell-outbound2.iphmx.com ([68.232.154.99]) by esa6.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Oct 2017 17:58:58 -0500
From: "Black, David" <David.Black@dell.com>
Cc: tcpinc <tcpinc@ietf.org>, Gregorio Guidi <greg_g@posteo.net>, ianG <iang@iang.org>, "Black, David" <David.Black@dell.com>
Received: from mailuogwdur.emc.com ([128.221.224.79]) by esa6.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Oct 2017 04:58:57 +0600
Received: from maildlpprd52.lss.emc.com (maildlpprd52.lss.emc.com [10.106.48.156]) by mailuogwprd52.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v9HMwreR029470 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 17 Oct 2017 18:58:54 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com v9HMwreR029470
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1508281137; bh=/qKoxnGxh9QD144ke2/cXKsT71M=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=nB4cz6P5B7m+yWXa62/iL4Uu8SCloyZkcC6GWN09ENwVbDBsHEnDihbqH8OOCLw79 2pm6Ahaml0ACPhzdqosv8G117wuIFXuFbDdaDS6Kj0xj1uP6nQH/kbFNAvMe1tBDFM 3wgdCyDF45zOnjML3/FgOkwIJnj38Af5kXk3UFQI=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com v9HMwreR029470
Received: from mailusrhubprd02.lss.emc.com (mailusrhubprd02.lss.emc.com [10.253.24.20]) by maildlpprd52.lss.emc.com (RSA Interceptor); Tue, 17 Oct 2017 18:58:36 -0400
Received: from MXHUB313.corp.emc.com (MXHUB313.corp.emc.com [10.146.3.91]) by mailusrhubprd02.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v9HMwdbS022112 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Tue, 17 Oct 2017 18:58:39 -0400
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB313.corp.emc.com ([10.146.3.91]) with mapi id 14.03.0352.000; Tue, 17 Oct 2017 18:58:38 -0400
To: =?iso-8859-1?Q?Mirja_K=FChlewind?= <ietf@kuehlewind.net>, Kyle Rose <krose@krose.org>, David Mazieres expires 2018-01-14 PST <mazieres-ddragqirgwht7ezx2d39a3jw72@temporary-address.scs.stanford.edu>
Thread-Topic: [tcpinc] Making ECDHE-Curve25519 the only MTI for tcpcrypt
Thread-Index: AQHTRujrUtxw4oAg1k2sIw2zf+4myKLoWX0AgAAIVICAAEHkoA==
Date: Tue, 17 Oct 2017 22:58:38 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949362FCE3BED@MX307CL04.corp.emc.com>
References: <D38E22E9-FBB6-40D1-BF85-D5A77F5C2365@kuehlewind.net> <20170830223758.GA73969@scs.stanford.edu> <3a8ac0e0-cd41-57c8-85a4-79c5f179385f@kuehlewind.net> <20170929203434.GA73214@scs.stanford.edu> <D78092B0-4C01-47D6-9B5D-9DB1DA5EFA83@kuehlewind.net> <877ewgrtp8.fsf@ta.scs.stanford.edu> <20171004233140.GB84701@scs.stanford.edu> <BDB8460A-E193-4C9C-BCBA-99B805F93D0A@kuehlewind.net> <e2ae6028-6ed2-c547-2a1f-f3c170b0fb89@posteo.net> <3879588f-d5ef-43c9-9d2c-7fe9c2657709@iang.org> <87h8uylfgk.fsf@ta.scs.stanford.edu> <CAJU8_nVAw3CJjaV9saKMit3rhvdWaUTZ090vMX3v0jLbAE0CQA@mail.gmail.com> <489870a3-58d1-eb2c-5a57-f9cf9b7f8daa@kuehlewind.net>
In-Reply-To: <489870a3-58d1-eb2c-5a57-f9cf9b7f8daa@kuehlewind.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.238.44.138]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd02.lss.emc.com
X-RSA-Classifications: public
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/bDKCUWzFcPnBfs3pWsD0p0dV6sg>
Subject: Re: [tcpinc] Making ECDHE-Curve25519 the only MTI for tcpcrypt
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Oct 2017 22:59:00 -0000

>  > Mirja and David Black: can you provide guidance here?
> 
> Yes, if the change is the right thing to do, you should do it. If there is
> agreement in the working group to make this change, I don't think we need
> another working group last call (but that's actually in the judgment of the
> chairs). So the only question would be, do we need another IETF last call for
> this? However, the IETF last call is still running. Therefore I would like to
> ask you to bring attention about this change to the ietf@ietf.org mail list,

I concur, and I will go do that by forwarding Gregorio's message to the IETF
list, providing a pointer to ianG's message of support and indicating that the
draft authors concur, also with a message pointer.  My rationale for forwarding
Gregorio's message is that it provides solid answers to the inevitable "why is
this change being made?" question both directly and in the form of a pointer
to the extensive DJB & T. Lange implementation-oriented critique of the
NIST curves.

Thanks, --David

> -----Original Message-----
> From: Tcpinc [mailto:tcpinc-bounces@ietf.org] On Behalf Of Mirja Kühlewind
> Sent: Tuesday, October 17, 2017 10:43 AM
> To: Kyle Rose <krose@krose.org>rg>; David Mazieres expires 2018-01-14 PST
> <mazieres-ddragqirgwht7ezx2d39a3jw72@temporary-
> address.scs.stanford.edu>; Black, David <david.black@emc.com>
> Cc: tcpinc <tcpinc@ietf.org>rg>; Gregorio Guidi <greg_g@posteo.net>et>; ianG
> <iang@iang.org>
> Subject: Re: [tcpinc] Making ECDHE-Curve25519 the only MTI for tcpcrypt
> 
> Hi David, hi Kyle, hi all,
> 
> On 17.10.2017 16:13, Kyle Rose wrote:
>  >     Question two, if no one object to this change and some people want to
>  >     see it, is whether it is now too late to make this change without
>  >     jeopardizing the RFC.  Can we still make such a change in last call?
>  >     It's obviously not a lot of text to change, but a fairly big semantic
>  >     change.  We'd appreciate guidance on this question from people with more
>  >     IETF experience.
>  >
>  >
>  > Mirja and David Black: can you provide guidance here?
> 
> Yes, if the change is the right thing to do, you should do it. If there is
> agreement in the working group to make this change, I don't think we need
> another working group last call (but that's actually in the judgment of the
> chairs). So the only question would be, do we need another IETF last call for
> this? However, the IETF last call is still running. Therefore I would like to
> ask you to bring attention about this change to the ietf@ietf.org mail list,
> meaning one of the authors could reply to the IETF last call email and
> explain that and why this change is planned. And then we can probably handle
> this basically like a last call comment and just update the draft
> respectively. In this case it would also be good if the authors could submit
> the updated version right at the end of the IETF last call, so this Friday,
> such that the ADs could review the updated version for the telechat next
> week. Would that be possible?
> 
> Mirja
> 
> _______________________________________________
> Tcpinc mailing list
> Tcpinc@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpinc