Re: [TLS] On the difficulty of technical Mandarin (SM3 related)

David Hook <dgh@bouncycastle.org> Wed, 28 August 2019 14:47 UTC

Return-Path: <dgh@bouncycastle.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 444CA120043 for <tls@ietfa.amsl.com>; Wed, 28 Aug 2019 07:47:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bouncycastle.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VnqYBPjZ7HYR for <tls@ietfa.amsl.com>; Wed, 28 Aug 2019 07:47:12 -0700 (PDT)
Received: from tauceti.org.au (mail.tauceti.org.au [203.32.61.25]) by ietfa.amsl.com (Postfix) with ESMTP id CAAE012001E for <tls@ietf.org>; Wed, 28 Aug 2019 07:47:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bouncycastle.org; s=default; t=1567003632; bh=XfoLxroqbN4I9Ko9NcivppOt0oCHv1RzAss6o88sLlI=; h=From:Subject:To:References:Date:In-Reply-To; b=OEppKtXGvBcZp8/FoFj5LJVEQyWsXL9af+9br09RMmtXXHKgW+YLiILZnPVAqQfch 3IrW0Xkp+gt+odxA98LLiTDh8g1RMbK4Rk7fL5nnRgNct5GpVgGsegwlqZMzyRPuGo f1pLJfbeqSoAvn/5SXsKjXBrbfEhwQGygd0gzqRY=
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=dsl-203-113-194-216-static.VIC.netspace.net.au;
From: David Hook <dgh@bouncycastle.org>
To: tls@ietf.org
References: <CACsn0cnX4O7gTXVxkAmf4OzfL3Mj_Y9cGzzuG_SAipP4dq0R_A@mail.gmail.com> <261169543.NYn7jz4KrQ@pintsize.usersys.redhat.com>
Openpgp: preference=signencrypt
Autocrypt: addr=dgh@bouncycastle.org; prefer-encrypt=mutual; keydata= mQMuBFXzr6IRCAC3yVBmJnQs1bTjo7pc2SCqc4phaGn9CQfELrY/xxD+6Gyr5900cZHhFMJf 9tZO2wMOpi9E+zL9OZftp99NvlJMy50HMLV7/89I0UL2fwjYJCkYhKXusaA0SjxprHvWjQq+ AC6FliFZUWKBnfbm7rAU6pXEk5UBObliZh+Wymz3nkqsEx3bi9g0wS0Hg0SjDPwhDMvO8Ig5 2sqGikFMQ0SKAN6Q+gWMTwuj+JTOdRiGdPfUIEuKOO0chSIe7oo6bxk2E5g33sxvNNiJKF+n g/pNM2r+EEgl+4qsQW4mCofHPn1jgqTwC8UnTGzTgS3bLwVvlTlSuqGUQhvalrbE3CZrAQCT Z0rayqiuofdyruV0amsUwmaRiDRyUb9DpxVvw4P34wf+MOk0GTGmbB0kjlyAqpgeHbMSl6Hn wT+rAzb9Z4Lg/6yFwjKIrmk+tDEzyE3vNIPqZHBR0cCzpFfoqAn2bOSU8pgCX6vqWYEmFn+K pPfN3uGEc7YHjTCnfvF69fNSvW4d29DM1f8EBliwB1p9vSznmN5VwK/WnrRcK6czpLpFkYQO Hw2fMqkiQJ8rBqzukJzjOMxeDOnJJ/2tS3GtUgTV1g421dFADmorhbg6/BwAT2vyl2dNn1b3 FhMOkswZiJbMac6GfiHEkJJOn3nf2ogEfx1qF8DfP0zUlJOHsdeYfEiJIPIBWnNeYFe14mfy PDM0Vqu2fO7tpUmI4mO9Fg3EuAgArE8lfT1X8sS8gi4ugUwcURphl3o/EWTgUtjnA7qhWyCw xbnMcX+equ352N1Ycysh0EU/eAd8777ya6/bAy5BhDVVBU5W23mjtyEWe3ZLyPFTEmLITDNk oXUAg5DC2oJ8KVlGHJLStZNlIZA4zXsBl31ZG5Y5vv6lndVcY0fWFmLju53hE89LnDRPd5p2 xtO4e3EaSL/yXmrXhCSEgPKetN8fDBvcUcOF8+gQ4PO4PR53R76BeELAm0CcPqDToG3+/sGe OS+nYyA/r9iLE/apVoGgWm3Zdl8SdvbMue5OcvaMRuArKHebJQeMzuM36fGRfikLxYJ3wLOI chdq8T9frbRERGF2aWQgSG9vayAoTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlIEluYy4p IDxkZ2hAYm91bmN5Y2FzdGxlLm9yZz6IegQTEQgAIgUCVfOvogIbAwYLCQgHAwIGFQgCCQoL BBYCAwECHgECF4AACgkQbqHzoYMuRw5t0QEAie5/YuoYbyYmjd60oQrEUcgIZo/SkYRQwa1c UFxqwmoA/3Qc2p2KdMZRWuBtmbbaaIyEtIFKoqJ5/3G6LPr//fLVuQINBFXzr6IQCACrfJ5Y S5UIwx4IvjQH1so9i6dWZnBAM26nq5NJUaVx0R1T9yMPzXX4CDhPf7r7bUBuj8rnEoDNYcbw uLl046lBfawUNWIfli/WnZcbm5npAGpNhp+fwjrzm4N7LLINV1l5SWaIG/ip4jb+OcTyXWjW Fffdg6cVIjzWbh189fKcnqn3CFYH/WNZsJqcsJcYxMn/Cf0zc4jxv2JLP/Wx/3TvQY1BgQDL 2ZJGWRlHtNwVauovX50uEAmEBTyjhoGYS9bv/LPfeerRB+BuMc01wa0IcMmgciHc2KZ5hNUu Ww9Oti/jtL++WT7sLZBL/uWlp2ENJStKFHycbay4S0+abo9TAAMFB/9qoKm9wsVcxy7DfEeq vA+w8kkF1ZH51SqQNIT3nDXfrXnxBds5N5eUxl3+1jeyA/bHoi46E0Iw07+3ahU6sI/HWgz/ D2V17KsqJ9YkDprwj8iFFJChL+u5nfhJdrNjo0JTqrZfCdHBqF728pTqxQEV2wIqqwMdxHJz PVo82WnlSsxGyKUIhH5JTx0wpMFkAN2ADuz0JNwOv6dFCm+GOEFmOth1Ka3tWTmBgIfTnYat SsZrpZQ8Ze9/c3VD3ehAOjwZDiMlvBXclybUeZsvxHwNkUKdWr0QWdufd67nof243SosPFU1 KhUvRkeJkkKIZQ8fZah6g72qOqa4Nm07sU6EiGEEGBEIAAkFAlXzr6ICGwwACgkQbqHzoYMu Rw5WzQD/f0N/uQW62hvRXMuTJokzNCzt+5tnexlhqd/kqt71704A/36lBpZVxKh8J60zWoXz yKg+swupstMKq+8Jhmwxsirb
Organization: The Legion of the Bouncy Castle Inc.
Message-ID: <437517de-1253-dfa6-6817-c5ec0f80ef94@bouncycastle.org>
Date: Thu, 29 Aug 2019 00:47:09 +1000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <261169543.NYn7jz4KrQ@pintsize.usersys.redhat.com>
Content-Type: multipart/alternative; boundary="------------EC63329AB985979A131FA770"
Content-Language: en-US
X-Authenticated-User: david@planethook.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5ADsjyLrCz1uqzqdDieYWct4MmA>
Subject: Re: [TLS] On the difficulty of technical Mandarin (SM3 related)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Aug 2019 14:47:15 -0000

For what it's worth we on the Bouncy Castle project have managed to
implement most of the SM* standards already. I'll admit there were some
minor language issues (ignorance on our part), but for most of us I
think we'd agree that maths and tests vectors (while still based around
ASCII Hex/base64) are really quite familiar in any language (now at
least) and in most cases all that are required to produce a working
implementation. So we believe our C#, Java APIs, and Kotlin APIs can
already produce signatures, and certificates, in line with the current
draft for SM TLS 1.3 Cipher Suite already. We'd certainly welcome
feedback on whether we've been successful as well. The code is available
under https://github.com/bcgit

I would stress that this is not to say that there are not subtletys
around parameter choices that can be missed in trying to manage a
standard in another language (parameter choices that can affect security
for example), but if the first stage is interop and there is a mechanism
for validation, interop can easily dealt with. After that it's about
validation. Validation is going to be about something that rulesĀ  out
invalid parameter choices and chooses representative test vectors. It's
rarely about a standards document though.

I can understand the pain about the cost of ISO standards as well, but
having gone down the FIPS path also one realizes it's more about what
you test against than where you got the description of what you
implemented from, to that end a "not so definitive standard" can fill in
the gap. Even if you have the definitive reference it's still easy to
get it wrong, sometimes standard authors don't write the things we need
to hear, ultimately it's really about testing and analysis.

Regards,

David

On 28/8/19 10:24 pm, Hubert Kario wrote:
> On Monday, 19 August 2019 17:05:06 CEST Watson Ladd wrote:
>> Dear all,
>>
>> I see no reason why English alone should be accepted for standards
>> documents we reference. French and German pose few difficulties, and one
>> can always learn Russian.
>>
>> What I don't know is how difficult Mandarin is at a level to read a
>> standards document. I expect the mechanics of using the dictionary to
>> dominate.
> I am familiar with few languages, the issue is even finding dictionary able to 
> translate the technical terms correctly. Specialist texts are full of jargon 
> and jargon is very hard to translate correctly. It's not as simple as chucking 
> the text sentence by sentence at google translate[1] and fixing few grammar 
> mistakes.
>
>> I'm concerned about the traceability of unofficial Englidh PDFs on some
>> website: could the Chinese body responsible host them instead?
>>
>> I fully expect this to be a more general IETF problem.
> one of the primary objectives of IETF is interoperability
>
> given that, and the fact the the TLS specification is written in English, 
> there should be a specification of any algorithm that is supposed to be 
> integrated with it and published under the auspice of IETF to also be 
> available in English
>
> it's a matter of practicality, not politics
>
>  1 - other automated internet translation services are available
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls