Re: [tcpinc] Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpcrypt-09: (with DISCUSS and COMMENT)

Eric Rescorla <ekr@rtfm.com> Fri, 30 November 2018 00:57 UTC

In-Reply-To: <20181129184122.GA26520@scs.stanford.edu>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 29 Nov 2018 16:56:24 -0800
Message-ID: <CABcZeBP2Q+i2N4_+T-KRLR-XtDJiUREpU8V9kUAVTsCwm-D=kQ@mail.gmail.com>
To: Daniel B Giffin <dbg@scs.stanford.edu>
Cc: tcpinc <tcpinc@ietf.org>, Kyle Rose <krose@krose.org>, tcpinc-chairs@ietf.org, mazieres-nj788xtv7k4q4yq2nedg4eupms@temporary-address.scs.stanford.edu, "Black, David" <David.Black@dell.com>, IESG <iesg@ietf.org>, draft-ietf-tcpinc-tcpcrypt@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/ruUpH85aV2TonEgyyrPRLR__s0M>

SGTM.

-Ekr


On Thu, Nov 29, 2018 at 10:41 AM Daniel B Giffin <dbg@scs.stanford.edu>
wrote:

> Okay, how about this language that harmonizes with the SSL
> approach:
>
>   Key-agreement schemes ECDHE-Curve25519 and ECDHE-Curve448
>   perform the Diffie-Hellman protocol using the functions
>   X25519 and X448, respectively.  Implementations SHOULD
>   compute these functions using the algorithms described in
>   RFC7748.  When they do so, implementations MUST check
>   whether the computed Diffie-Hellman shared secret is the
>   all-zero value and abort if so, as described in Section 6
>   of RFC7748.  Alternative implementations of these
>   functions SHOULD abort when either input would force the
>   output to one of a small set of values, as discussed in
>   Section 7 of RFC7748.
>
> That last sentence is explicit (or as explicit as practical
> in the scope of this document) because I really can't find
> any *instruction* in Section 7 about input checking.
>
> d
>
>