Re: [tcpinc] tcpcrypt MTI key exchange (speak now or forever hold your peace...)

Rene Struik <rstruik.ext@gmail.com> Tue, 24 October 2017 01:22 UTC

Return-Path: <rstruik.ext@gmail.com>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADE1F138BE2 for <tcpinc@ietfa.amsl.com>; Mon, 23 Oct 2017 18:22:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BLN0auCzrt9J for <tcpinc@ietfa.amsl.com>; Mon, 23 Oct 2017 18:22:53 -0700 (PDT)
Received: from mail-io0-x230.google.com (mail-io0-x230.google.com [IPv6:2607:f8b0:4001:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4C2913AAFF for <tcpinc@ietf.org>; Mon, 23 Oct 2017 18:22:52 -0700 (PDT)
Received: by mail-io0-x230.google.com with SMTP id j17so22138498iod.5 for <tcpinc@ietf.org>; Mon, 23 Oct 2017 18:22:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=dRacQoZxryYk850XJlvUDVZ5rIxyRoqOAaC74BVnJZM=; b=YxpUZfuoF3G3hAyZN+/TTS6LQIiPvhCv4O2qhAW9L2twEklo2ZvZ1uDLyof1pW0etG OZa0lX4OTyF2z69OOwWdwqF27IjQZSVdZYouPlRAhXliOizdcRLj+cvntmaMQUMfypDp OrDa3vob6yP8qqLpoiNHbFN9tkL0BhG9MSiQ9BpFnmI1nmVEIGGiC9Ujnf4J1VOnF/Gq seZ7qoxpkt34VPP+Tqk7sewphVvJ5J8j4tZpjiajMhMYhoO/MlHYBTYso4ugXcZeUhQ1 m0dfuAlRRIRODGTc8R/C0hX0X/Shaq5QjGD2/v/LdlD2EPWvYRddUlaIY8biBbyf9r8b JbuA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=dRacQoZxryYk850XJlvUDVZ5rIxyRoqOAaC74BVnJZM=; b=L8VlwMUs2m8hcO3ADV6YpwnZZScCdnqHX+zWWalOV1ckmYHwVrcQQSYI7bKP4QJvT1 d57HakXofE6byewOGkvwRms6668QxkI/zoJRIduIN51mdg9G/Ik6QAj/fTP04Ze2g5wR bOSIFVjsM0Zdl4j4zpo/2RoevSiglROTdcnAgJxgUGxaHtwmj4bAzf6njC3iLMrKWUK/ nTMcAiKDRVJxDk1mJ/oJBRscrcPMDB3z/xPrY06eCiFnxEYv5++yiKXs1oxlPQVcLRk3 5UJIWzhe61Som3KpvnPK885mbPpmOSe31FjsQG4o9Hqc4+rrm65aTwgLzlMDn+8O5e0c tVSA==
X-Gm-Message-State: AMCzsaUeqLV7siZpNBbrGlqSCjymHuARJEyxpCSzesj8HfeINap9nCav DBhprNyNaQCfycQcERj6Gu9Rhw==
X-Google-Smtp-Source: ABhQp+TxdiHyVJdmqIwWTWpnRn4SRfZyyLRzGynV7Ndy9wnecNBvVIVX3fzNaLF+JOo470S93rdpaQ==
X-Received: by 10.107.31.201 with SMTP id f192mr18916726iof.12.1508808171903; Mon, 23 Oct 2017 18:22:51 -0700 (PDT)
Received: from [192.168.0.14] (CPE7cb21b2cb904-CM7cb21b2cb901.cpe.net.cable.rogers.com. [99.230.209.238]) by smtp.gmail.com with ESMTPSA id x137sm146839itb.37.2017.10.23.18.22.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 23 Oct 2017 18:22:51 -0700 (PDT)
To: David Mazieres expires 2018-01-21 PST <mazieres-m3w8362yb4cc5hherzqjdkknf6@temporary-address.scs.stanford.edu>, iang <iang@iang.org>, Gregorio Guidi <greg_g@posteo.net>, tcpinc@ietf.org
References: <D38E22E9-FBB6-40D1-BF85-D5A77F5C2365@kuehlewind.net> <20170830223758.GA73969@scs.stanford.edu> <3a8ac0e0-cd41-57c8-85a4-79c5f179385f@kuehlewind.net> <20170929203434.GA73214@scs.stanford.edu> <D78092B0-4C01-47D6-9B5D-9DB1DA5EFA83@kuehlewind.net> <877ewgrtp8.fsf@ta.scs.stanford.edu> <20171004233140.GB84701@scs.stanford.edu> <BDB8460A-E193-4C9C-BCBA-99B805F93D0A@kuehlewind.net> <e2ae6028-6ed2-c547-2a1f-f3c170b0fb89@posteo.net> <3879588f-d5ef-43c9-9d2c-7fe9c2657709@iang.org> <87h8uylfgk.fsf@ta.scs.stanford.edu> <87h8upk3we.fsf@ta.scs.stanford.edu>
From: Rene Struik <rstruik.ext@gmail.com>
Message-ID: <8eb673b4-f7ff-456d-8623-30914d01503c@gmail.com>
Date: Mon, 23 Oct 2017 21:22:47 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <87h8upk3we.fsf@ta.scs.stanford.edu>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/jDPkGXan0n89iMm1xaBE51V2Jow>
Subject: Re: [tcpinc] tcpcrypt MTI key exchange (speak now or forever hold your peace...)
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2017 01:22:55 -0000

Hi David:

This should be okay as long as people are painfully aware that 
implementations should take algorithm agility into account [1]. In 
particular, no complaining about vested interests down the road, in case 
a suite change should be required. The protocol should also support 
*now* algorithm agility, via indicator functions of the suite in question.

Rene

[1] RFC 7696 - Guidelines for Cryptographic Algorithm Agility and 
Selecting Mandatory-to-Implement Algorithms (November 2015)

On 10/23/2017 4:25 PM, David Mazieres wrote:
> We are considering the following proposal for MTI key exchange protocols
> in tcpcrypt:
>
>    1. Implementations MUST support Curve25519.
>
>    2. Implementations SHOULD support Curve448 to the extent that suitable
>       implementations are available.
>
>    3. Implementations MAY support P256 and P521 (particularly since
>       hardware implementations are widely available for the former).
>
> (Obviously whatever algorithms are supported can always be disabled by
> configuration--this is just about what the software MUST support, not
> what everyone must use.)
>
> The security ADs have not 100% signed off on this approach yet, but seem
> receptive to it.  However, given the timeline, we would like to
> parallelize things and find out *now* if there are any objections to the
> proposal.  Based on the working group discussion, I think everyone will
> be happy, so please speak up now if you object.
>
> Thanks,
> David
>
> _______________________________________________
> Tcpinc mailing list
> Tcpinc@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpinc


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363