Minutes IETF102: cfrg
||Minutes IETF102: cfrg
CFRG Minutes - IETF 102 - Montreal
Chair - Alexey Melnikov, Kenny Paterson
Notes - Joe Salowey
- Prelude - Alexey
Alexey: Kenny not present. CFRG is looking for a third chair.
Alexey: Chairs need to follow-up on PKEX and several other drafts
- Hashing to Elliptic Curves - Chris Wood
Stephen Farrell: Options cause confusion, can we get rid of options?
Chris: Start with survey of design space, then set one set for each case
Stephen: That would be good to limit options
Rob: Reference implementation is good idea
- VRF (Verifiable Random Function) - Leo Reyzin
Seeking feedback for several items listed in slides
Stanislav: Good work. Draft has improved. VRF security more strict than
signatures. Move hash based signature ideas to VRFs? Leo: Heard about lattice
base VRFs, but not hash based signatures
Chris Wood: converge on hash2curve with hash2curve
Leo: Can define a ciphersuite to account for discrepencies
Harkins (Jabber): Is it possible to make this generic?
Leo: For specific curves you have to different things
Robin Wilton: can you specify an offset for the hash
Stanislav: What applications are VRF used for?
Leo: Algorand and NSEC5 amongst others
Stanislav: Happy to provide review
- Randomness - Stanislav
David McGrew: Analysis assumption that signature of Tag 1 is not available to
attacker. May not always be the case. Should be noted in document. Stanislav:
Yes, should be noted in security considerations under what conditions security
New draft before IETF-103
- OPAQUE - Hugo Krawczyk (HK)
Chris Wood (CW): Is OPRF the same?
HK: Exponential vs multiplicative
CW: Which protocols?
HK: KCI type protocols
CW: Some drafts in TLS WG
Stanislav: Should not use the same private key with different servers
Hugo: Private key is transient so no need to use with multiple servers
Stanislav: Should document this, in order to avoid "naive" implementations
Bob MOskowitz: Link to draft didn't work?
HK: Try PDF link, it works
Dave McGrew: Should talk to Richard Barnes. Secure password protocols are a
Sharon: Notation inconsistencies. Should converge notation for CFRG between
- Kangaroo Twelve - Benoit Viguier
Stanislav - Bringing this to ISO? They are working on hash functions.
Benoit - did not know about that.