
From nobody Mon Jan  3 10:23:51 2022
Return-Path: <rfc-ise@rfc-editor.org>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D8173A07B7 for <crypto-panel@ietfa.amsl.com>; Mon,  3 Jan 2022 10:23:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lvLSJGBcSxxJ for <crypto-panel@ietfa.amsl.com>; Mon,  3 Jan 2022 10:23:44 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1900:3001:11::31]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96D5E3A07B9 for <crypto-panel@irtf.org>; Mon,  3 Jan 2022 10:23:44 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by rfc-editor.org (Postfix) with ESMTP id C29D135220; Mon,  3 Jan 2022 10:23:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at rfc-editor.org
Received: from rfc-editor.org ([127.0.0.1]) by localhost (rfcpa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Aj0Hs7SD34k; Mon,  3 Jan 2022 10:23:38 -0800 (PST)
Received: from www.rfc-editor.org (localhost [127.0.0.1]) by rfc-editor.org (Postfix) with ESMTP id 67BC0358B0; Mon,  3 Jan 2022 10:23:38 -0800 (PST)
Received: from 148.252.133.182 (SquirrelMail authenticated user rfcpise) by www.rfc-editor.org with HTTP; Mon, 3 Jan 2022 18:23:38 -0000
Message-ID: <16b2ca1e3dcffb5248d3553c66e86210.squirrel@www.rfc-editor.org>
In-Reply-To: <CAMr0u6=_9adkWbk2meTW=RSxQ_8eOGNgG3GE=WvM5LdwBSpj4Q@mail.gmail.com>
References: <CAMr0u6=_9adkWbk2meTW=RSxQ_8eOGNgG3GE=WvM5LdwBSpj4Q@mail.gmail.com>
Date: Mon, 3 Jan 2022 18:23:38 -0000
From: "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Cc: crypto-panel@irtf.org, cfrg-chairs@ietf.org, rfc-ise@rfc-editor.org
Reply-To: rfc-ise@rfc-editor.org
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/7y6eYyy17zKNe2fXVgobDd-1hiw>
Subject: Re: [Crypto-panel] Request for review: "SPAKE2+, an Augmented PAKE" (ISE)
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jan 2022 18:23:49 -0000

Hi all,

Were there any people willing/interested to comment on this draft?

Thanks,
Adrian

-- 
Adrian Farrel (ISE),
rfc-ise@rfc-editor.org

Stanislav V. Smyshlyaev wrote:
> Dear Crypto Panel Experts,
>
> The chairs would like to ask the Crypto Panel to provide a review for
> version -03 of the "SPAKE2+, an Augmented PAKE" draft,
> draft-bar-cfrg-spake2plus-03 (
> https://datatracker.ietf.org/doc/html/draft-bar-cfrg-spake2plus-03), which
> is an ISE draft now.
>
>
> Any volunteers?
>
> Stanislav (on behalf of the CFRG Chairs)
>




From nobody Mon Jan  3 10:36:17 2022
Return-Path: <sfluhrer@cisco.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B34D33A089A for <crypto-panel@ietfa.amsl.com>; Mon,  3 Jan 2022 10:36:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.596
X-Spam-Level: 
X-Spam-Status: No, score=-9.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=faWSFbVJ; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=oNQ+/I3o
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JKf9S7jrh20r for <crypto-panel@ietfa.amsl.com>; Mon,  3 Jan 2022 10:36:12 -0800 (PST)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 171943A085A for <crypto-panel@irtf.org>; Mon,  3 Jan 2022 10:36:12 -0800 (PST)
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 03 Jan 2022 18:36:09 +0000
Received: from mail.cisco.com (xbe-rcd-004.cisco.com [173.37.102.19]) by rcdn-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id 203IaALW008496 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Mon, 3 Jan 2022 18:36:10 GMT
Received: from xfe-rcd-005.cisco.com (173.37.227.253) by xbe-rcd-004.cisco.com (173.37.102.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Mon, 3 Jan 2022 12:36:10 -0600
Received: from xfe-rcd-004.cisco.com (173.37.227.252) by xfe-rcd-005.cisco.com (173.37.227.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Mon, 3 Jan 2022 12:36:09 -0600
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-004.cisco.com (173.37.227.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14 via Frontend Transport; Mon, 3 Jan 2022 12:36:09 -0600
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from DM4PR11MB5455.namprd11.prod.outlook.com (2603:10b6:5:39b::14) by DM6PR11MB2620.namprd11.prod.outlook.com (2603:10b6:5:c8::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4844.15; Mon, 3 Jan 2022 18:36:08 +0000
Received: from DM4PR11MB5455.namprd11.prod.outlook.com ([fe80::7188:f942:24b1:bca8]) by DM4PR11MB5455.namprd11.prod.outlook.com ([fe80::7188:f942:24b1:bca8%4]) with mapi id 15.20.4844.016; Mon, 3 Jan 2022 18:36:08 +0000
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org>, "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
CC: "crypto-panel@irtf.org" <crypto-panel@irtf.org>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
Thread-Topic: [Crypto-panel] Request for review: "SPAKE2+, an Augmented PAKE" (ISE)
Thread-Index: AQHX6AXGMWGPqkqyhkqTyhQVvkteaKxRzgIAgAADbXA=
Date: Mon, 3 Jan 2022 18:36:07 +0000
Message-ID: <DM4PR11MB545570CE0EFC4ACD299B7F96C1499@DM4PR11MB5455.namprd11.prod.outlook.com>
References: <CAMr0u6=_9adkWbk2meTW=RSxQ_8eOGNgG3GE=WvM5LdwBSpj4Q@mail.gmail.com> <16b2ca1e3dcffb5248d3553c66e86210.squirrel@www.rfc-editor.org>
In-Reply-To: <16b2ca1e3dcffb5248d3553c66e86210.squirrel@www.rfc-editor.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a8176498-aaef-49f0-7bbc-08d9cee7e878
x-ms-traffictypediagnostic: DM6PR11MB2620:EE_
x-microsoft-antispam-prvs: <DM6PR11MB2620FC7F2826AD5E832BB244C1499@DM6PR11MB2620.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM4PR11MB5455.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a8176498-aaef-49f0-7bbc-08d9cee7e878
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jan 2022 18:36:08.1050 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB2620
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.19, xbe-rcd-004.cisco.com
X-Outbound-Node: rcdn-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/I8Wz4aqhYzESEncn7Bzam7TQ77I>
Subject: Re: [Crypto-panel] Request for review: "SPAKE2+, an Augmented PAKE" (ISE)
X-List-Received-Date: Mon, 03 Jan 2022 18:36:17 -0000

I'll look at it...

-----Original Message-----
From: Crypto-panel <crypto-panel-bounces@irtf.org> On Behalf Of RFC ISE (Adrian Farrel)
Sent: Monday, January 3, 2022 1:24 PM
To: Stanislav V. Smyshlyaev <smyshsv@gmail.com>
Cc: crypto-panel@irtf.org; rfc-ise@rfc-editor.org; cfrg-chairs@ietf.org
Subject: Re: [Crypto-panel] Request for review: "SPAKE2+, an Augmented PAKE" (ISE)

Hi all,

Were there any people willing/interested to comment on this draft?

Thanks,
Adrian

--
Adrian Farrel (ISE),
rfc-ise@rfc-editor.org

Stanislav V. Smyshlyaev wrote:
> Dear Crypto Panel Experts,
>
> The chairs would like to ask the Crypto Panel to provide a review for
> version -03 of the "SPAKE2+, an Augmented PAKE" draft,
> draft-bar-cfrg-spake2plus-03 (
> https://datatracker.ietf.org/doc/html/draft-bar-cfrg-spake2plus-03),
> which is an ISE draft now.
>
>
> Any volunteers?
>
> Stanislav (on behalf of the CFRG Chairs)
>



_______________________________________________
Crypto-panel mailing list
Crypto-panel@irtf.org
https://www.irtf.org/mailman/listinfo/crypto-panel


From nobody Mon Jan  3 10:43:00 2022
Return-Path: <rfc-ise@rfc-editor.org>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 355D33A08A5 for <crypto-panel@ietfa.amsl.com>; Mon,  3 Jan 2022 10:42:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q6WKCHqFiMGZ for <crypto-panel@ietfa.amsl.com>; Mon,  3 Jan 2022 10:42:54 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D4C43A08A0 for <crypto-panel@irtf.org>; Mon,  3 Jan 2022 10:42:54 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by rfc-editor.org (Postfix) with ESMTP id 22CB735220; Mon,  3 Jan 2022 10:42:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at rfc-editor.org
Received: from rfc-editor.org ([127.0.0.1]) by localhost (rfcpa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EsU49sDjCb7o; Mon,  3 Jan 2022 10:42:49 -0800 (PST)
Received: from www.rfc-editor.org (localhost [127.0.0.1]) by rfc-editor.org (Postfix) with ESMTP id 3CB1C358B0; Mon,  3 Jan 2022 10:42:49 -0800 (PST)
Received: from 148.252.133.182 (SquirrelMail authenticated user rfcpise) by www.rfc-editor.org with HTTP; Mon, 3 Jan 2022 18:42:49 -0000
Message-ID: <4f2bc8f2b72dc3496885f81531bcf287.squirrel@www.rfc-editor.org>
In-Reply-To: <DM4PR11MB545570CE0EFC4ACD299B7F96C1499@DM4PR11MB5455.namprd11.prod.outlook.com>
References: <CAMr0u6=_9adkWbk2meTW=RSxQ_8eOGNgG3GE=WvM5LdwBSpj4Q@mail.gmail.com> <16b2ca1e3dcffb5248d3553c66e86210.squirrel@www.rfc-editor.org> <DM4PR11MB545570CE0EFC4ACD299B7F96C1499@DM4PR11MB5455.namprd11.prod.outlook.com>
Date: Mon, 3 Jan 2022 18:42:49 -0000
From: "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>
To: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
Cc: "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org>, "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
Reply-To: rfc-ise@rfc-editor.org
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/F7NQlZAz9z6pV1_MrhKTmZ-DY30>
Subject: Re: [Crypto-panel] Request for review: "SPAKE2+, an Augmented PAKE" (ISE)
X-List-Received-Date: Mon, 03 Jan 2022 18:42:58 -0000

Thanks Scott. Much appreciated.
Adrian


Scott Fluhrer (sfluhrer) wrote:
> I'll look at it...
>
> -----Original Message-----
> From: Crypto-panel <crypto-panel-bounces@irtf.org> On Behalf Of RFC ISE
> (Adrian Farrel)
> Sent: Monday, January 3, 2022 1:24 PM
> To: Stanislav V. Smyshlyaev <smyshsv@gmail.com>
> Cc: crypto-panel@irtf.org; rfc-ise@rfc-editor.org; cfrg-chairs@ietf.org
> Subject: Re: [Crypto-panel] Request for review: "SPAKE2+, an Augmented
> PAKE" (ISE)
>
> Hi all,
>
> Were there any people willing/interested to comment on this draft?
>
> Thanks,
> Adrian
>
> --
> Adrian Farrel (ISE),
> rfc-ise@rfc-editor.org
>
> Stanislav V. Smyshlyaev wrote:
>> Dear Crypto Panel Experts,
>>
>> The chairs would like to ask the Crypto Panel to provide a review for
>> version -03 of the "SPAKE2+, an Augmented PAKE" draft,
>> draft-bar-cfrg-spake2plus-03 (
>> https://datatracker.ietf.org/doc/html/draft-bar-cfrg-spake2plus-03),
>> which is an ISE draft now.
>>
>>
>> Any volunteers?
>>
>> Stanislav (on behalf of the CFRG Chairs)
>>
>
>
>
> _______________________________________________
> Crypto-panel mailing list
> Crypto-panel@irtf.org
> https://www.irtf.org/mailman/listinfo/crypto-panel
>


-- 
Adrian Farrel (ISE),
rfc-ise@rfc-editor.org


From nobody Fri Jan 14 13:39:17 2022
Return-Path: <sfluhrer@cisco.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D1413A0F09 for <crypto-panel@ietfa.amsl.com>; Fri, 14 Jan 2022 13:39:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.595
X-Spam-Level: 
X-Spam-Status: No, score=-9.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=UNFYdyd4; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=qY2b9r2o
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aMV-fWsVXVby for <crypto-panel@ietfa.amsl.com>; Fri, 14 Jan 2022 13:39:10 -0800 (PST)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6427A3A0F04 for <crypto-panel@irtf.org>; Fri, 14 Jan 2022 13:39:10 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.88,289,1635206400";  d="scan'208,217";a="818589149"
Received: from alln-core-10.cisco.com ([173.36.13.132]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 14 Jan 2022 21:39:09 +0000
Received: from mail.cisco.com (xbe-aln-001.cisco.com [173.36.7.16]) by alln-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id 20ELd9uq007835 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Fri, 14 Jan 2022 21:39:09 GMT
Received: from xfe-rcd-001.cisco.com (173.37.227.249) by xbe-aln-001.cisco.com (173.36.7.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Fri, 14 Jan 2022 15:39:09 -0600
Received: from xfe-rcd-001.cisco.com (173.37.227.249) by xfe-rcd-001.cisco.com (173.37.227.249) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Fri, 14 Jan 2022 15:39:08 -0600
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-001.cisco.com (173.37.227.249) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14 via Frontend Transport; Fri, 14 Jan 2022 15:39:08 -0600
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from CH0PR11MB5444.namprd11.prod.outlook.com (2603:10b6:610:d3::13) by CO1PR11MB5204.namprd11.prod.outlook.com (2603:10b6:303:95::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4888.9; Fri, 14 Jan 2022 21:39:06 +0000
Received: from CH0PR11MB5444.namprd11.prod.outlook.com ([fe80::29ee:a7e6:7074:a9c4]) by CH0PR11MB5444.namprd11.prod.outlook.com ([fe80::29ee:a7e6:7074:a9c4%6]) with mapi id 15.20.4888.012; Fri, 14 Jan 2022 21:39:06 +0000
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: "crypto-panel@irtf.org" <crypto-panel@irtf.org>
CC: "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org>
Thread-Topic: Review of draft-bar-cfrg-spake2plus-04
Thread-Index: AdgJhyWe9uP0F3zBQQaddy/BPovplgAB/IzA
Date: Fri, 14 Jan 2022 21:39:06 +0000
Message-ID: <CH0PR11MB544456922E7B8356FDCE2430C1549@CH0PR11MB5444.namprd11.prod.outlook.com>
References: <CH0PR11MB54441A4D67DB00D84787CBFBC1549@CH0PR11MB5444.namprd11.prod.outlook.com>
In-Reply-To: <CH0PR11MB54441A4D67DB00D84787CBFBC1549@CH0PR11MB5444.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0dfc9a61-da50-43c2-f3d8-08d9d7a64a6e
x-ms-traffictypediagnostic: CO1PR11MB5204:EE_
x-microsoft-antispam-prvs: <CO1PR11MB5204F19ED15F846D61920CC7C1549@CO1PR11MB5204.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
Content-Type: multipart/alternative; boundary="_000_CH0PR11MB544456922E7B8356FDCE2430C1549CH0PR11MB5444namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5444.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0dfc9a61-da50-43c2-f3d8-08d9d7a64a6e
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jan 2022 21:39:06.1714 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: q5tP2oFOXN6WeLcsxUv9wQyTYnNSDxHkrfEHub/dwlJUpmMZ4hSK4+cAchev8h+W0FLUo7YNC+k6JCURFOeQeQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR11MB5204
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.16, xbe-aln-001.cisco.com
X-Outbound-Node: alln-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/icYpH34oTXVmGAxIzpQ7I-J-PZo>
Subject: [Crypto-panel] FW: Review of draft-bar-cfrg-spake2plus-04
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jan 2022 21:39:16 -0000

--_000_CH0PR11MB544456922E7B8356FDCE2430C1549CH0PR11MB5444namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



From: Scott Fluhrer (sfluhrer)
Sent: Friday, January 14, 2022 3:56 PM
To: cfrg-chairs@ietf.org
Subject: Review of draft-bar-cfrg-spake2plus-04

I went through the draft, the TLDR is that other than one sticking point
(which has been raised before), it looks pretty good; my comments were about
a few places which I thought could be expressed clearer.

Here are my comments (actually, I initially reviewed the -03 version and had
more comments; some of those have already been addressed before I even raised
them):


  *   In section 3.1 (the offline initialization), you state:

   We fix two random elements M and N in the prime-order subgroup
   of G as defined in the table in this document for common groups, as
   well as a generator P of the (large) prime-order subgroup of G.

              It is critical to the security that no one know the discrete
              log of M wrt P; IMHO, something that critical should be called
              out.


  *   In section 3.4 (Protocol), you give the various steps of the on-line
      protocol.  However, some of those steps are out of order (for example,
      A checks on the received value Y before B computes and sends it); I
      believe it would be clearer if you followed strict chronological order
      (and included the mandatory error checking in pseudocode, rather than
      just in text).


  *   In section 3.4, you also state:


   All proofs of security hold even if the discrete log of the fixed
   group element N is known to the adversary.  In particular, one MAY
   set N=I, i.e. set N to the unit element in G.

              If that is the case, then why just not mandate N=I always?
              After all, this simplifies the computation.


  *   The only other issue (which has been raised a number of times before)
      is the selection of a global M for a specific parameter set.  While
      this is convenient, this also means that the protocol has a 'solve one
      discrete log problem, break the entire system globally' property that I
      cannot endorse.

--_000_CH0PR11MB544456922E7B8356FDCE2430C1549CH0PR11MB5444namp_--
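
The strict chronological ordering, with the mandatory checks in code, that the section 3.4 comment in the review above asks for, as an added Python sketch (not code from the draft or the reviewer). Assumptions: a toy multiplicative group built at import, M hashed into the group instead of the draft's tabulated constant, a simplified key schedule, and N passed in so the N=I case can be run.

```python
import hashlib, hmac, secrets

def is_prime(n):
    """Miller-Rabin with the first 12 primes as bases (deterministic below 2**64)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Toy group, constructed for this example: p = 2q + 1 with q prime (about 62 bits).
Q = 2**61 + 1
while not (is_prime(Q) and is_prime(2 * Q + 1)):
    Q += 2
P_MOD, H, G = 2 * Q + 1, 2, 4      # modulus, cofactor h, generator P of the order-q subgroup

def hash_to_group(label):
    """Toy derivation of a subgroup element by hashing, so no discrete log is chosen."""
    ctr = 0
    while True:
        digest = hashlib.sha256(label + bytes([ctr])).digest()
        e = pow(int.from_bytes(digest, "big") % P_MOD, 2, P_MOD)   # squares lie in the subgroup
        if e > 1:
            return e
        ctr += 1

M = hash_to_group(b"toy M")        # assumption: not the draft's tabulated constant

def derive_w(password):
    """w0, w1 from the password (a real deployment uses a memory-hard PBKDF)."""
    d = hashlib.sha512(password).digest()
    return int.from_bytes(d[:32], "big") % Q, int.from_bytes(d[32:], "big") % Q

def register(password):
    """Offline initialization: the verifier B stores (w0, L = w1*P)."""
    w0, w1 = derive_w(password)
    return w0, pow(G, w1, P_MOD)

def check_element(e):
    """Mandatory check on a received share: in the group, and h*e is not the identity."""
    if not (isinstance(e, int) and 0 < e < P_MOD):
        raise ValueError("share is not a group element")
    if pow(e, H, P_MOD) == 1:
        raise ValueError("share has small order")

def unmask(share, blind, w0, k):
    """Multiplicative form of h*k*(share - w0*blind)."""
    return pow(share * pow(blind, -w0, P_MOD) % P_MOD, H * k, P_MOD)

def key_schedule(X, Y, Z, V, w0):
    """Simplified stand-in for the draft's key schedule: returns (Ke, KcA, KcB)."""
    k = hashlib.sha256("|".join(map(str, (M, X, Y, Z, V, w0))).encode()).digest()
    return tuple(hmac.new(k, tag, hashlib.sha256).digest() for tag in (b"Ke", b"KcA", b"KcB"))

def confirm(key, share):
    return hmac.new(key, str(share).encode(), hashlib.sha256).digest()

def run(password, record, N):
    """One exchange in chronological order; returns (A's key, B's key) or raises."""
    w0_b, L = record                                   # B's stored verifier
    # 1. A derives w0, w1 from the password and sends X = x*P + w0*M.
    w0_a, w1 = derive_w(password)
    x = secrets.randbelow(Q - 1) + 1
    X = pow(G, x, P_MOD) * pow(M, w0_a, P_MOD) % P_MOD
    # 2. B checks X before using it, then computes Y, Z, V and its confirmation.
    check_element(X)
    y = secrets.randbelow(Q - 1) + 1
    Y = pow(G, y, P_MOD) * pow(N, w0_b, P_MOD) % P_MOD
    Zb, Vb = unmask(X, M, w0_b, y), pow(L, H * y, P_MOD)
    ke_b, kca_b, kcb_b = key_schedule(X, Y, Zb, Vb, w0_b)
    c_b = confirm(kcb_b, X)                            # B sends (Y, c_b)
    # 3. A checks Y only once it has arrived, then computes Z, V and verifies c_b.
    check_element(Y)
    Za, Va = unmask(Y, N, w0_a, x), unmask(Y, N, w0_a, w1)
    ke_a, kca_a, kcb_a = key_schedule(X, Y, Za, Va, w0_a)
    if not hmac.compare_digest(c_b, confirm(kcb_a, X)):
        raise ValueError("A: key confirmation from B failed")
    c_a = confirm(kca_a, Y)                            # A sends c_a
    # 4. B verifies c_a; only then do both sides use the session key.
    if not hmac.compare_digest(c_a, confirm(kca_b, Y)):
        raise ValueError("B: key confirmation from A failed")
    return ke_a, ke_b
```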


From nobody Fri Jan 21 14:33:42 2022
Return-Path: <rstruik.ext@gmail.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B7E03A1395 for <crypto-panel@ietfa.amsl.com>; Fri, 21 Jan 2022 14:33:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.81
X-Spam-Level: 
X-Spam-Status: No, score=-2.81 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.714, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hYCIQlDSDK-y for <crypto-panel@ietfa.amsl.com>; Fri, 21 Jan 2022 14:33:27 -0800 (PST)
Received: from mail-qv1-xf32.google.com (mail-qv1-xf32.google.com [IPv6:2607:f8b0:4864:20::f32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27F903A1392 for <crypto-panel@irtf.org>; Fri, 21 Jan 2022 14:33:27 -0800 (PST)
Received: by mail-qv1-xf32.google.com with SMTP id s6so4949875qvv.11 for <crypto-panel@irtf.org>; Fri, 21 Jan 2022 14:33:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;  h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to; bh=Eq2hObRX/s0JNdEIOLpQEZ6nv/WjCA//TrWdqB9lyPo=; b=F7pnT++FthDxWlBp5sUAY1RRq6U5PeSx9/v3el4D0n+IoXPfNXKI4+hmc/YenATJI4 XWXANV04QVy+kr9JgSbP2axtR+JeV16JM3Wclfln+YwI6S5bnfkQPpAATkSOQzhbSdDT Xrsyg8aceHaEhIv9uyMF+937WAJPEBFCGBmtM00bODaPYXv42ARSQhPDmzDbJB69KQec zXc3XI8WxHwAnh7aDYbJxcMrGRLrzcs4pUqBMtOcugqQ/T0AUJhwMTQIlaBLko0dNhuR YL1GKcVOhfjmSzZtVUx/Fg1qxHOxj44iGpKE/xapWqZlIb9C/pR/92Wq/Fup1XDchyxD cHdw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to; bh=Eq2hObRX/s0JNdEIOLpQEZ6nv/WjCA//TrWdqB9lyPo=; b=DqoC+MnByE0oUuSrLKin4a7H0mBMd2gj9YJ3IMYs+bRfWLAW2HxPEpJhzPiGEMOL3r 1So4dKN9l19CeuqlS8C97WXkhyjgr8hKqtUg06Lhqdkg6vU16KLuJdjvV0NtbaRgaBBa wogkLHpHhOE594iuWxBw0rYun46ISZeSc/VO8wz1QB8PJaWP6lcvCj3LMM+kz+AzmWk9 QLIBB35x9uK41vRVNf02ySrLyHrUTYf7eqc2ap3EZjvu2DNtMY0tKRdplgekl6g2ntkq zLtQJzl9n6od2MRw18Y1V212l/lPUaaUcxDOK07TaBO6s8aO6i7E8jrXYMYwM9bPJPhL Bdxw==
X-Gm-Message-State: AOAM531lK8Xdfs1biyC7V46eJNl7czKV8JJ9uZqzkR4aWVtqEUrExsL7 WGgVTG1HyzjFhvv6NI3RjqQ=
X-Google-Smtp-Source: ABdhPJxYoPu/mjEO+51dq4hoWqwAX84nP8KSBwaqanMg+/fguGJP1yzPcpeMWgVSzpilSZS7BinhDQ==
X-Received: by 2002:ad4:5fcc:: with SMTP id jq12mr5736523qvb.70.1642804404699;  Fri, 21 Jan 2022 14:33:24 -0800 (PST)
Received: from ?IPV6:2607:fea8:8a0:1397:b920:3bac:c83:f4e3? ([2607:fea8:8a0:1397:b920:3bac:c83:f4e3]) by smtp.gmail.com with ESMTPSA id bi33sm3976109qkb.18.2022.01.21.14.33.22 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 21 Jan 2022 14:33:23 -0800 (PST)
Content-Type: multipart/alternative; boundary="------------FL5HQeo02yerpcSdtyYUVWjx"
Message-ID: <7fb8d6cf-6134-8642-7c49-43b5619e9948@gmail.com>
Date: Fri, 21 Jan 2022 17:33:21 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>, crypto-panel@irtf.org, ek.ietf@gmail.com, sec-ads@ietf.org, draft-ietf-lwig-curve-representations.all@ietf.org, cfrg-chairs@ietf.org
Cc: Benjamin Smith <smith@lix.polytechnique.fr>
References: <CAMr0u6k5YtibUyB-6kmrB0B1zLNyqxr-UrZA6StkrkcwZL_z4Q@mail.gmail.com> <CAMr0u6nKzwLbcxvPa+6vSwA_Dd+papepOgo8YDkL_wts8Z5-mA@mail.gmail.com> <CAMr0u6nwWjsm1ZRE5Pya79Lb=yxU8Vx8LgBbto+SNDX_zvcR4Q@mail.gmail.com> <5915C771-DCCF-4186-AD78-81A11A739160@gmail.com> <CAMr0u6=Q+ZrncxqX8xuie-n-FmmvQH0Fci8LK591bKXPa02R_g@mail.gmail.com> <8B6AC27E-2483-4939-8813-9BC9F2F0C352@gmail.com> <CAMr0u6knXv=MwOYA2dmQCUDvBx+P4PHK6qVk01+Wg4E_1OcQNQ@mail.gmail.com> <CAMr0u6nSY_aVWtraY8=YPOExXdPkavVJtyCj4mhvd5LHYxiYLA@mail.gmail.com> <CAMr0u6moTGLO13KrpGd1gWagP-WBjXELanSXsH_tMu+2PQ5tkw@mail.gmail.com> <EDB50175-E64E-4909-8E04-9FD249431B28@gmail.com> <CAMr0u6nXa0Cr9yVxC8h4upkphpNYc4_yW2G-EgnHHAFbVNjxBw@mail.gmail.com> <CAMr0u6k6u07Q9ABDGo21qoWUEEHWjdb7oPS6igL6D7LSNkNXvA@mail.gmail.com> <C829EC48-E02D-4583-9B63-5CFC0704E920@gmail.com> <CAMr0u6kRsyedgJkWDCZPradihnRE=nT-osQ4JyWmkvt6n6MPJA@mail.gmail.com> <EB0A880F-22A8-4591-A0C4-D4C5CCB0BAD6@gmail.com> <3B440D27-2490-4050-BDA0-4D0700FB8944@gmail.com>
From: Rene Struik <rstruik.ext@gmail.com>
In-Reply-To: <3B440D27-2490-4050-BDA0-4D0700FB8944@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/EtTHJwlxkEDeWLXZDQ97BakOlU0>
Subject: Re: [Crypto-panel] Request for review: "Alternative Elliptic Curve Representations"
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jan 2022 22:33:37 -0000

This is a multi-part message in MIME format.
--------------FL5HQeo02yerpcSdtyYUVWjx
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit


Response to review comments on draft-ietf-lwig-curve-representations-21 
by Rene Struik (Jan 21, 2022)
status review: "crypto review panel" review
review request date: July 16, 2021 (by Erik Kline)
review completion date: November 12, 2021 (communicated by Karthik 
Bhargavan; actual reviewer: Ben Smith)

Note: focus with responses to the crypto review panel review is on 
cryptographic matters. Responses bracketed by RS>> and <<RS

===
draft-ietf-lwig-curve-representations-21
===

[Curve representations draft](https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/)

# Review by Benjamin Smith

This draft specifies a series of new elliptic curves related to 
Curve25519 and Curve448, and transformations between these new curves 
and Curve25519/Curve448.  The motivation is essentially code re-use: 
legacy elliptic-curve software and hardware works with the classic 
"short Weierstrass form", often with the a-coefficient set to -3, but in 
more recent protocols and software we might work with Curve25519 and 
Curve448 in either "Montgomery form" or "twisted Edwards form" 
(depending on the protocol), for efficiency reasons.  On the surface, 
these equation forms are not the same, so the newer curves are 
incompatible with legacy ECC code.

RS>>
Main motivation for draft is two-fold: (a) reuse of existing 
implementations; (b) reuse of existing specifications. Side motivation: 
background material useful for implementors or for cross-referencing 
with future specification work.
<<RS

This document bridges the gap by writing down isomorphisms to short 
Weierstrass curves with a=-3 where such isomorphisms exist, and 
isogenies (homomorphic maps) where isomorphisms do not exist. It also 
specifies several other curves and maps, of various levels of usefulness.

I am not entirely convinced by the code re-use argument here.  I agree 
that this is an interesting goal, given the time and effort it takes to 
develop and certify cryptographic software and especially hardware.  But 
for a concrete example, suppose we have an existing implementation of
elliptic-curve scalar multiplication on NIST P256, and we want to use
this document to re-use that software for scalar multiplication on 
Curve25519:

1. The curve group operations for P256 can be reused, and so can the
scalar multiplication algorithm(s), insofar as they just call the curve 
group operations.
2. The underlying field arithmetic implementation must be 
rewritten/replaced, because these curves work modulo different primes.  
Generally this isn't just a matter of changing a hard-coded value for 
the prime p: the different primes have been chosen to allow completely 
different optimized modular reduction algorithms.
3. The code to actually map points between the two curves must be added, 
and in some cases this code will be particularly large.  In particular, 
the code here to convert from Curve25519 to Weierstrass with a=-3 
involves 9kb worth of data to define the isogeny (to say nothing of the 
code to evaluate the isogeny).
4. The protocol may need to be tweaked to deal with the implicit
multiplication by the isogeny degree.

Comparing the small amount of code saved to the new code to be added, 
and the possible modifications to the protocol: is this really worth 
it?  If you're going to have to add a whole new field arithmetic 
implementation _and_ an extremely heavy isogeny-evaluation function 
(specified by a massive collection of precomputed coefficients), then 
maybe you would be better off just implementing Curve25519 properly.

One might argue that the real benefit here would be for curve 
implementations in hardware, where changing (and re-certifying) designs 
is extremely slow, but I think that argument is defeated by the fact 
that the finite field arithmetic (the lowest level) still has to be 
rewritten.

Ironically, therefore, this document could be read as a convincing 
argument **against** code re-use.  Of course, I might just be totally 
missing the point. In that case, since I have read all 150 pages and 
still missed the point, I think this means that the author hasn't fully 
explained the point.

RS>>
The above analysis seems to assume that implementors primarily aim for 
speed, which is not always the case, since it would preclude algorithm 
and domain parameter agility, and hamper reuse of certified modules with 
side-channel measures. Please see Section 6 (Implementation 
Considerations), which already delves into this topic and discusses 
trade-offs between reusing existing generic short-Weierstrass curve 
implementations (e.g., a hardware-assisted implementation of the 
Brainpool curve BP-256 without hardcoded domain parameters) and 
optimizing an implementation for a particular new curve and domain 
parameters from scratch. See also Section 7 (Implementation Status), 
which gives some examples with, e.g., NXP chipsets and (in rev23) with 
code by ANSSI (the French information security agency).
<<RS

RS>>
The draft requests code points for Wei25519 and Wei448 and *not* for the 
curves Wei25519.-3 and Wei448.-3. Those were discussed in the draft to 
assist practitioners who may have hardcoded a=-3 parameters in their 
implementations, where using isogenies provides a mechanism to whip 
parameters into the proper shape, so that interfaces to a scalar 
multiplier could be made to work. Should one wish to use isogenies, the 
protocol tweak (#4 above) is minor (instead of public-key pair (k,k*G) 
one gets (l*k, l*k*G), where l is the degree of the applicable isogeny), 
as discussed in the second para of Section 3 (Use of Representation 
Switches).
<<RS

The document is _extremely_ long, and often quite repetitive. There is 
too much repetition of boilerplate text blocks for the various 
transformations applied to different concrete instances. To give just 
one example: Appendix M is essentially the same as Appendix E, but with 
different curve parameters.  There must be a way to minimise this 
repetition (especially given the focus on code re-use!).

RS>>
I would be happy to consider suggestions to streamline text, as long as 
this does not jeopardize clarity and readability by non-domain experts 
(the target audience of this draft), since - at present - I do not see how 
this can be easily done. Please bear in mind that this draft is aimed at 
humans and not machines, so I opted against a bunch of dense, but 
unreadable routines.
<<RS

More structural/editorial issues:

- Appendix I (data conversions) must already be covered elsewhere: it 
could probably be removed.
- Appendices P and Q are basically out of scope, and should be removed.
- Appendix K is also essentially out of scope.
- Appendix L can also be removed: it is a long and unnecessary 
elaboration on a remark in Appendix K, and therefore out of scope.
- Appendix N seems mostly superfluous: I don't understand why this 
Edwards448 curve needs to be defined and named (we already have Ed448...)

RS>>
I don't think any of these sections can be easily removed, without 
jeopardizing the goal of describing in a succinct way to practitioners 
how alternative representations could help them with implementations. As 
to Appendix I, I am not aware of any existing text that discusses data 
conversions, including bit- and byte-orderings, in a precise, complete, 
and error-free way, so I decided to set the record straight; as to 
Appendix Q, this was included due to continuing misconceptions on the 
correct definition of ECDSA by some developers and imprecise 
specifications of ECDSA in, e.g., RFC 8152, when the bit-size of the 
curve group is not byte-size (see also first para of that appendix); as 
to Appendix P, again, I am not aware of any existing text that describes 
this; Appendix K provides essential routines for taking square roots and 
inverses, including some speed-ups, and provides a mechanism for 
alternative representations of random curve points as random bit strings 
(based on Mehdi Tibouchi's papers) (see also Section 9 (Privacy 
Considerations), where future work can easily standardize this via 
cross-referencing). Please bear in mind that most of this material has 
been in the draft since early July 2019 (yes - IETF is very slow). As to 
Appendix N, the curve Edwards448 is used with EdDSA (RFC 8032), so a 
relevant alternative representation of Curve448 for practitioners and IETF.
<<RS

Most of the technical content is uncontroversial, and it is mostly 
correct (detailed technical comments follow).  I am not competent to 
evaluate Sections 10, 11, and 12, but I have checked the rest in detail.

One key technical point: as mentioned above, the transfer between many 
of the curves here requires an isogeny (a homomorphic map) rather than 
an isomorphism (essentially a change of coordinates). One of the most 
important isogenies here - the one from Curve25519 to Wei25519.-3 - has 
degree 47.  This means that specifying it involves, at a minimum, a 
degree-23 polynomial w(x).  This polynomial w(x) is dense, so we need to 
specify (and store) 23x 32-byte coefficients.  This obviously requires a 
lot of space!  I say "at a minimum", because two more polynomials, u(x) 
and v(x), of similar degree, are required. Mathematically they can be 
derived from w(x), but for algorithmic simplicity it may be more 
convenient to specify them in their expanded form, as is done here.  
Then, the "dual" map from Wei25519.-3 back to Curve25519 has its own 
large u, v, and w.  Ultimately, this means a *lot* of space: 9kB of 
memory in code, and 12+ pages of this document.

Reducing this size (and evaluation time) is important if this is to be 
made practical.  I have checked, and I agree with the author that there 
is no isogeny of *prime* degree less than 47 from Curve25519 to a 
short-Weierstrass curve with a=-3.  However, there *is* such an isogeny 
of composite degree 46 (I could not find any lower-degree composite 
isogenies that do the job).  This doesn't look like much of an 
improvement on the surface, but the degree-46 isogeny is the composite 
of a degree-2 isogeny (very easy to specify/compute) and a degree-23 
isogeny (roughly half the coefficients and complexity compared with the 
47-isogeny).  This means that by changing the definition of Wei25519.-3 
to be the codomain of the 46-isogeny instead of the 47-isogeny, the time 
and space required to encode and compute the isogeny will be literally 
cut in half.  Of course, half of 9kB is still quite expensive, and it 
remains to be seen if anyone will consider this practical for 
applications, but I think it is still an improvement that the author 
might want to consider using.

RS>>
Please see my earlier remark, where I indicated that I only requested 
for codepoints for the curves Wei25519 and Wei448. So, nothing precludes 
an implementor to use their favorite representation under the hood, 
whether this is a Montgomery curve, a twisted Edwards curve, 
short-Weierstrass curve with a=-3 via the isogeny in the draft or 
roll-your-own isogenies, etc. I opted against adding text on composition 
of isogenies, since the draft is targeted at practitioners who are not 
necessarily domain experts, and might lose them. Besides, adding this 
alternative would not change the main messages.
<<RS

## Technical remarks

- "unequal to" should generally be replaced with "not equal to"
- most instances of "hereof" should be "thereof", though something less 
archaic than "(t)hereof" would be even better

### 1 Fostering Code Reuse with New Elliptic Curves

- `we specify these curves` should probably be a bit more specific: "we 
specify the CFRG curves"?

### 4 Examples

- In 4.1: `Moreover, with X25519, private keys are generated in the 
interval [2^251,2^252-1] rather than in the interval [1,n-1] (the 
so-called "clamping") and one uses as base point G':=h*G, where G, n, 
and h are, respectively, the fixed base point, the order of the base 
point, and the co-factor of the curve in question`: I think this is 
wrong.  The private keyspace for X25519 is $S = \{2^{254} + 8k : k \in 
[0,2^{251}-1]\}$.  If you use the keyspace defined here and multiply by 
the cofactor 8 then this gives the same thing, but that's not how X25519 
is specified: clamping produces an element of $S$, and there is no 
explicit cofactor multiplication.  We should double-check the 
equivalence of these schemes.

RS>>
Section 4.1 specifies co-factor ECDH, as in all standards using 
short-Weierstrass curves, and illustrates how this works with Montgomery 
curves (in Note 1), first with all mandatory checks in standards 
(X25519+), and then as X25519 does this (with RFC7748). To check that 
this was correctly specified, simply observe that, with X25519, one 
exchanges keys X:=(h*x)*G=x*(h*G) and Y:=(h*y)*G=y*(h*G) and computes 
shared key K:=(h*x)*Y=h*x*y*(h*G) and take G':=h*G. The remaining text 
simply stipulates the relaxed checks on received values and relaxed way 
of generating a private key in a "half space".
<<RS

- In 4.2: `One can implement the computation of the ephemeral key pair 
for Ed25519 using an existing Montgomery curve implementation by (1) 
generating a public-private key pair (k, R':=k*G') for Curve25519;(2) 
representing this public-private key as the pair (k, R:=k*G) for 
Ed25519.`  This is confusing, because $G$ and $G'$ are not the same 
point.  There's also this explicit-vs-implicit question for Curve25519 
key pairs.  Finally, "*key pair* for Curve25519" makes me think of 
Curve25519 the protocol, rather than Curve25519 the curve, and in the 
protocol the public key is only an x-coordinate.

RS>>
I do not understand this comment. Please note that G' and G are the base 
points of Curve25519 and Ed25519, respectively, where Step (2) uses the 
isomorphic mapping from Curve25519 to Ed25519 defined in Appendix E. 
Please note that (k, R':=k*G') is a random public-private key pair (see 
Appendix B.1, 4th and 5th para, and 1000s of papers that define this), 
i.e., k is a random integer in the interval [1,n-1]. Curve25519 is a 
specific Montgomery curve (both in this draft and in RFC7748), where the 
DH-flavor protocol in RFC7748 is called X25519 (and also described in 
Note 1 of Section 4.1).
<<RS

### 5 Caveats

- In 5.1: the u-coordinate-only compression of RFC7748 (X25519) is not 
"lossy" (the dropped v-coordinate was never part of the protocol or 
keys), unless "lossy" means that it maps the point at infinity and (0,0) 
to the same value, 0.
- In 5.3: "NOTE 1" is interesting, but also kind of pointless in this 
kind of document.
- In 5.3: "NOTE 2" makes me wonder how all these isogenies were 
found/computed.  It might be worth noting that this 2-isogeny does not 
preserve the endomorphism ring: you move one level up to the "crater" of 
the 2-volcano with this isogeny.  On a more basic level, the curves 
don't have the same abelian group structure: the twist of Curve25519 has 
a cyclic group, while the 2-isogenous curve has non-cyclic 2-torsion.  
This is not an issue with the 47-isogeny from Curve25519, which 
restricts to an isomorphism on groups of rational points.

RS>>
I am reluctant to add any esoteric (to non-domain experts) language on 
endomorphism rings, volcanoes, torsions, and rational points, since this 
would almost surely lose the target audience of practitioners of this 
draft. Notes 1 and 2 simply illustrate that, with slightly different 
domain parameter generation methods, one could have provided a better 
fit with existing implementations, with zero cost in practice. As such, 
this illustrates that - were one to produce another set of domain 
parameters in the future - one should perhaps take into account existing 
implementations better. Without these notes, the audience might have 
gotten the (incorrect) impression that this would not be possible. The 
u-coordinate only compression is indeed lossy, since without knowledge 
of the v-coordinate, e.g., the generation method of Ed25519 keys with 
Curve25519 implementations as a subroutine (as the example of Section 
4.2 does) is underspecified.
<<RS

### 6 Implementation considerations

Clarification: `All NIST curves [FIPS-186-4] and Brainpool curves 
[RFC5639] are Weierstrass curves with a=-3 domain parameter, thus 
facilitating more efficient elliptic curve group operations (via 
so-called Jacobian coordinates).` - this "more efficient" is w.r.t. 
general short Weierstrass curves with a != -3.

### 8 Security considerations

- `...which is either an isomorphism of a low-degree isogeny`: 47 isn't 
that low (well, not unless you're a CSIDH implementer)!
- `the complexity of cryptographic problems (such as the discrete 
logarithm problem) of curves related via a low-degree isogeny are 
tightly related.  Thus, the use of these techniques does not negatively 
impact cryptogaphic security of elliptic curve operations.`: this can be 
made more precise.  The 47-isogeny is an isomorphism on the level of 
groups of points (because 47 is coprime to the group order), and since 
the groups are isomorphic their DLPs have equivalent difficulty.  (The 
2-isogeny from the twist restricts to an isomorphism of the prime-order 
subgroups, which is where all the DLP difficulty comes from in that 
case, so similarly the DLPs have equivalent difficulty.)
- `the use of these techniques does not negatively impact cryptogaphic 
security of elliptic curve operations`: this might be true in the sense 
of DLP operations, but the existence of an isomorphism doesn't mean that 
things like side-channel safety extend from a Curve25519 implementation 
to a Wei25519 implementation.  So maybe "security of elliptic curve 
operations" should be changed to something like "security of the 
underlying elliptic curve discrete logarithms"?

RS>>
The computational cost of evaluating the isogenies in the draft is 
relatively negligible (roughly 3*l field multiplies with Horner scheme). 
With l=47, this yields relative incremental cost less than one multiply 
per scalar bit. Whether the term "low-degree" is that low is in the eye 
of the beholder, but allows easy statement on DLP complexity, without 
having to use technical lingo or "variable-itis" in this section 
(remember that, in Appendix B.1, the order h*n of the curve is such that 
co-factor h is relatively low and n is prime).
<<RS

### 14 References

`[Wei-Ladder]` was published in PKC 2002, and there's no reason to cite 
a preprint here instead of the definitive version. This 
reference can be updated to: Tetsuya Izu and Tsuyoshi Takagi, "A Fast 
Parallel Elliptic Curve Multiplication Resistant Against Side Channel 
Attacks", PKC 2002, Lecture Notes in Computer Science Vol. 2274, 
Springer-Verlag, 2002.

RS>>
The CACR reference in the draft is an update ("postprint"?) of the PKC 
2002 paper, but either reference does of course work.
<<RS

### Appendix B

I'm not really sure why this is separate from Appendix A.

- In B.1: The notation `(P)` for the subgroup generated by P is 
nonstandard and has a fair potential for confusion; `<P>` would be more 
typical.
- In B.1: `The order of curve E` should be "The order of *a* curve E"
- In B.1: `All curves of prime order are cyclic`: more generally, if the 
order is not divisible by a square > 1 then the group is cyclic.
- In B.1: `if h*P = O (and is a high-order point otherwise); this point 
has order n` is slightly ambiguous: `the point P has order n` would be a 
little clearer.
- In B.1: `Random points R of (P), where P has order l, ... computing 
R:=k*P, where R has order l/gcd(k,l)`: this "where" sounds like a 
restriction on R, rather than a corollary. Something like `computing 
R:=k*P. The point R has order l/gcd(k,l)` would be clearer.
- In B.1: `unless k is a multiple of n`: this `n` should be an `l`, but 
then `k` cannot be a multiple of `l` unless it is zero (because it was 
sampled from [0,l-1]).

RS>>
I can add the bracketed text in "In particular, if P is a high-order 
point (of curve E of order h*n)" to remind the reader that concepts 
introduced before (including h and n prime) are still in scope.
<<RS

- In B.1: `If P is a fixed base point G of the curve...`: P is never 
used again in this paragraph (or indeed, in the rest of this appendix), 
so its appearance here is confusing. Maybe this could be rephrased 
purely in terms of G?
- In B.1: `If this representation is nonzero, R has order n`: this is 
only true for `n` prime.
- In B.1: `...|E| relatively close to q, where, in fact, |E|=q+1-t`: 
this "where" is grammatically confusing.  `...|E| relatively close to q. 
In fact, |E|=q+1-t` would be clearer.
- In B.1: `Points that are both points of E and E'` should be "Points 
that are points of both E and E'", which sounds funny because of the 
"Points that are points"; maybe `Points that are simultaneously in E and 
in E'` would be better?
- In B.1: `Two curves E and E'... are said to be isomorphic if these 
have the same group structure`: **this is wrong**.  They are isomorphic 
if there exists an isomorphism *of elliptic curves*, not a group 
isomorphism.  For example, if q is fixed and large, and n is a prime in 
the Hasse interval close to q, then there are O(\sqrt{q}) non-isomorphic 
curves of order n, all with groups of points isomorphic to Z/nZ.  These 
curves are all isogenous, but they are generally connected by isogenies 
of extremely large degree, which cannot be computed efficiently - so the 
DLP in these curves is not necessarily equivalent, in the sense that the 
DLP in one curve cannot necessarily be mapped into another in polynomial 
time.  There is certainly no algebraic isomorphism between the curves; 
generally, mapping points homomorphically from one group into another 
means solving DLPs!  So even though the groups are isomorphic, I think 
it is wrong (and seriously misleading) to say that these curves are 
isomorphic.

RS>>
As to the definition of "isomorphism", there is a trade-off between 
precision and risk of losing an audience (hence, the "in this document" 
preamble to the 6th paragraph). I don't think the precise definition of 
isomorphism matters *for this draft* (since it has no impact on any other 
150- pages of the document). Nevertheless, what if I change this as follows:
"Two curves E1 and E2 defined over the field GF(q) are said to be 
isogenous if these have the same order and are said to be isomorphic if 
the defining equation of E1 can be transformed into the defining 
equation of E2 via a so-called admissible change of variables. Note that 
isomorphic curves have necessarily the same order and are, thus, a 
special case of isogenous curves. Isomorphic curves have the same group 
structure, whereas this is not necessarily the case for isogenous 
curves. Further details are out of scope."?
Any suggestion that does not introduce too esoteric language welcome.
<<RS

- In B.2: `where g^0 is the identity element 1 of GF(q)`: 1 is the 
multiplicative identity element (0 is the additive identity element).  
It might be clearer to just say "the multiplicative identity element 1 
of GF(q)", or even simpler "the element 1 of GF(q)".
- In B.2: `the set GF(q)\{0} is cyclic`: this should be `the set 
GF(q)\{0} forms a cyclic group` (a set cannot be cyclic).
- In B.2: `computing square roots and inverses in GF(q) - if these 
exist`: inverses always exist (except for 0).  I think the "if these 
exist" qualifier belongs with the square roots instead.
- In B.2: `Readers not interested in this, could simply view...`: remove 
the comma.


### Appendix C

- In C.1: `For each point P of the Weierstrass curve W_{a,b}, the point 
at infinity O serves as identity element`: the identity element is 
always defined for the group, not w.r.t. each element P.  This would be 
clearer as `On the Weierstrass curve W_{a,b}, the point at infinity 
serves as identity element`.
- In C.1: `One has P + (-P) = O`: this is an example of somewhere where 
the notation `(P)` for the subgroup generated by P causes a bad ambiguity.
- In C.1: `...let Q:=P1 + P2, where Q is not the identity element.  Then 
Q:=(X, Y)`: Q is being defined in `Q:=P1 + P2`, so you can't restrict it 
in this way, and then the second definition `Q:=(X, Y)` is 
tautological.  Maybe this would be clearer as `...let Q:= P1 + P2.  If 
X1 = X2 and Y1 = -Y2, then Q is the identity element. Otherwise, Q = 
(X,Y), where...`
- In C.2: Exactly the same comments apply here as for C.1/short 
Weierstrass curves.
- In C.3: Same comments here as for C.1/short Weierstrass curves.

### Appendix D

- In D.1: `while mapping each other point (u,v) of M_{A,B} to the point 
(x,y):=(u/v,(u-1)/(u+1)) of E_{a,d}`: what about the two points of order 
two on M_{A,B} not equal to (0,0) (i.e., the points where v = 0 but u != 
0)?  The image is not defined.  This situation may be covered/prohibited 
by the Note on twisted Edwards curves, but no such condition was imposed 
on the Montgomery curves here...
- In D.2: `Note that not all Weierstrass curves can be injectively 
mapped to Montgomery curves`: I don't think the "injectively" makes any 
sense here.  Some Weierstrass curves cannot be transformed into 
Montgomery form in any way.  Also note that having a point of order 2 is 
necessary *but not sufficient* for the existence of a Montgomery model.

RS>>
With the draft, any construction involving twisted Edwards curve is 
supposed to be subject to the Note of Appendix C.3 (a square in GF(q), d 
not). To remove any unclarity, I will add
"Note that this is well-defined, since neither (A-2)/B nor A^2-4 are 
squares in GF(q), so M_{A,B} has a single point of order two and no 
affine points (u,v) with u=-1." and "Note that this is well-defined, 
since for points (x,y) of E_{a,d}, x=0 only if y=(+/-)1." to the mapping 
and inverse mapping, respectively.
<<RS

### Appendix E

- In E.2: `as a shift of (p+A)/3 for the isomorphic mapping and -(p+A)/3 
for its inverse, where delta=(p+A)/3 is...`: this should probably be `as 
a shift of delta for the isomorphic mapping and -delta for its inverse, 
where delta:=(p+A)/3 is...`

### Appendix H

- `Point decompression... where one tries and recover` should be `where 
one tries to recover`
- `from its compressed representation and information on the domain 
parameters of the curve`:

### Appendix J

It would be good if the base points on the various curves were mapped 
onto each other by the isomorphisms/isogenies defined above; this is 
probably the case, but it should still be mentioned explicitly here.

RS>>
This is indeed the case. The domain parameters and relationships between 
base points between various curve models are all specified in Section 
E.2 and G.2. Same with Curve448 and family members.
<<RS

### Appendix K

- I'm really not convinced that this is necessary: it's long, it's 
repetitive, it's of marginal interest, and it doesn't fit with the 
code-reuse/mapping theme of the main document (except for the mapping 
into the twisted Edwards curve).  These maps are not operations of 
primary interest, so this appendix amounts to 11 highly technical pages 
worth of bloat. I really don't understand the motivation for including 
this in this document.
- In K.2: It would be worth mentioning that the "Fermat" inversion 1/y = 
y^{q-2} in GF(q) works also for q = p prime, and that it is easier to 
implement in constant-time (where this is relevant/required).
- In K.4.1: `If t is an element of GF(q) that is not a square... yields 
an affine point P(t)... Let P0:=(X0,Y0) be a fixed affine point of 
W_{a,b} for which neither P0, P0 + P(t), not P0 - P(t) is in the small 
subgroup`: it should be made clear that this property is supposed to 
hold *for all nonsquare t*.
- In K.4.2: Same remark as above for K.4.1

### Appendix L

`This section illustrates how isogenies can be used to yield curves with 
specific properties (here, illustrated for the "BitCoin" curve 
secp256k1).`  What are these specific properties in this instance?  The 
new curve secp256k1.m is not in Montgomery form, does not have a = -3 or 
-1, does not have particularly nice coefficients...  We have to go back 
to NOTE 2 of Appendix K to find out that the objective here is just to 
map from secp256k1 to a Weierstrass curve with nonzero a and b 
coefficients.  This can only be achieved with an isogeny, not an 
isomorphism, but then why not transform into one of these more "useful" 
restricted-short-Weierstrass models (e.g. a = 1 or a = -3)?  That would 
be more coherent with the "code re-use" motivation of the document.  If 
all you want is nonzero coefficients then virtually any rational isogeny 
would do the job, and that reduces this entire appendix to an extra 
sentence in NOTE 2 of Appendix K.

RS>>
For secp256k1, the concrete instantiation of the isogeny used with the 
constructions in Appendix K is essential: without this, one only obtains 
abstract function families, with a nondescript isogeny as parameter. 
This draft is targeted at practitioners who (should) care about details 
of practical choices.
<<RS

### Appendix M

- In M.1: `with as base point the point (Gx, Gy)` should be `with base 
point (Gx, Gy)`.
- Same for the `with as base point the point (GX, GY)`.
- In M.2: Same "delta" comment as for E.2.

### Appendix N

What is the point of Edwards448? Is this just some intermediate curve?  
Does this curve really need to be named and specified?

RS>>
See previous remark: Edwards448 is used with EdDSA (RFC 8032), so of 
practical interest.
<<RS

On 2021-11-12 8:28 a.m., Karthikeyan Bhargavan wrote:
>
> Hello All,
>
> Below is a detailed technical review of 
> draft-ietf-lwig-curve-representations-21 by Benjamin Smith (cc-ed).
>
> I discussed this review with Ben and agree with his concerns and it 
> would be great if the authors could address his questions.
>
> In particular, I feel the code reuse motivation needs to be better 
> justified.
> One way to do this would be to extend Implementation Considerations 
> (and/or Implementation Status) with concrete examples of code reuse in 
> Wei25519 implementations, quantified in lines of code, for example.
> If most of the code in these implementations is in the field 
> arithmetic, which can be reused between representations anyway, the 
> argument for this draft becomes less compelling.
>
RS>>

Simple question: how does one instantiate ECDSA with SHA-256 and 
Wei25519, where this could use Curve25519 under the hood, without 
actually doing the work? I do not understand how lines of code would be 
relevant as a metric here (some of this is dealt with in Section 6 
(Implementation Considerations) and Section 7 (Implementation Status), 
of the draft, though).

<<RS

> Best regards,
> Karthik
>
> [snip]
>
>
>> On 12 Nov 2021, at 08:42, Stanislav V. Smyshlyaev <smyshsv@gmail.com> 
>> wrote:
>>
>> Thanks, we'll be looking forward to it.
>>
>> Regards,
>> Stanislav
>>
>> On Fri, 12 Nov 2021 at 10:35, Karthikeyan Bhargavan 
>> <karthik.bhargavan@gmail.com> wrote:
>>
>>     Sorry about this, am pushing my colleague and we’ll get it done.
>>
>>>     On 12 Nov 2021, at 07:35, Stanislav V. Smyshlyaev
>>>     <smyshsv@gmail.com> wrote:
>>>
>>>     Hi Karthik,
>>>
>>>     >> We’ll send our review early next week.
>>>     The authors keep asking me about the review - could you please
>>>     finish it today (it is already later than "early this week" :) )?..
>>>
>>>     Regards,
>>>     Stanislav
>>>
>>>     On Sat, 6 Nov 2021 at 01:55, Stanislav V. Smyshlyaev
>>>     <smyshsv@gmail.com> wrote:
>>>
>>>         Thank you, Karthik!
>>>
>>>         Regards,
>>>         Stanislav
>>>
>>>         On Sat, 6 Nov 2021 at 00:33, Karthikeyan Bhargavan
>>>         <karthik.bhargavan@gmail.com> wrote:
>>>
>>>             Hi Stanislav,
>>>
>>>             My colleague and I dropped the ball on this, but have
>>>             made progress this week.
>>>             We’ll send our review early next week.
>>>
>>>             -Karthik
>>>
>>>>             On 5 Nov 2021, at 19:27, Stanislav V. Smyshlyaev
>>>>             <smyshsv@gmail.com> wrote:
>>>>
>>>>             (CC’ing the second Karthik’s address that I am aware of.)
>>>>
>>>>             Karthik, please let me know about the status of your
>>>>             review. The authors have already asked us about the
>>>>             status of their review today, so my question to you
>>>>             yesterday was reasonable.
>>>>
>>>>             Regards,
>>>>             Stanislav
>>>>
>>>>             On Thu, 4 Nov 2021 at 20:50, Stanislav V. Smyshlyaev
>>>>             <smyshsv@gmail.com> wrote:
>>>>
>>>>                 Dear Karthik,
>>>>
>>>>                 I may be missing something here, but could you
>>>>                 please remind me whether you had sent a review for
>>>>                 that document?..
>>>>
>>>>                 Regards,
>>>>                 Stanislav
>>>>
>>>>                 On Wed, 11 Aug 2021 at 17:01, Stanislav V.
>>>>                 Smyshlyaev <smyshsv@gmail.com> wrote:
>>>>
>>>>                     In my opinion, it will be absolutely fine,
>>>>                     taking the size of the document into account.
>>>>
>>>>                     Thank you, Karthik!
>>>>
>>>>                     Regards,
>>>>                     Stanislav (on behalf of the CFRG Chairs)
>>>>
>>>>                     On Wed, 11 Aug 2021 at 16:58, Karthikeyan
>>>>                     Bhargavan <karthik.bhargavan@gmail.com> wrote:
>>>>
>>>>                         Is 1 month too long a wait?
>>>>
>>>>>                         On 11 Aug 2021, at 09:52, Stanislav V.
>>>>>                         Smyshlyaev <smyshsv@gmail.com> wrote:
>>>>>
>>>>>                         Great, thanks!
>>>>>
>>>>>                         How much time will you need for this
>>>>>                         (taking 146 pages into account)
>>>>>                         I would like to send a message to the
>>>>>                         authors (CC'ing crypto-panel mailing list).
>>>>>
>>>>>                         Regards,
>>>>>                         Stanislav
>>>>>
>>>>>                         On Wed, 11 Aug 2021 at 16:43, Karthikeyan
>>>>>                         Bhargavan <karthik.bhargavan@gmail.com> wrote:
>>>>>
>>>>>                             Sure, I got a request on another
>>>>>                             thread as well and can do this (with
>>>>>                             help from some colleagues.)
>>>>>
>>>>>                             -K.
>>>>>
>>>>>>                             On 11 Aug 2021, at 09:39, Stanislav
>>>>>>                             V. Smyshlyaev <smyshsv@gmail.com> wrote:
>>>>>>
>>>>>>                             Karthik,
>>>>>>
>>>>>>                             Can you do a review of this document
>>>>>>                             (as a Crypto Review Panel member)?
>>>>>>
>>>>>>                             Regards,
>>>>>>                             Stanislav
>>>>>>
>>>>>>                             On Fri, 6 Aug 2021 at 12:46,
>>>>>>                             Stanislav V. Smyshlyaev
>>>>>>                             <smyshsv@gmail.com> wrote:
>>>>>>
>>>>>>                                 Dear Karthik,
>>>>>>
>>>>>>                                 Nick, Alexey and I have had some
>>>>>>                                 discussion about reviewing the
>>>>>>                                 "Alternative Elliptic Curve
>>>>>>                                 Representations" draft,
>>>>>>                                 draft-ietf-lwig-curve-representations-21,
>>>>>>                                 https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/ -
>>>>>>                                 may we ask you to do the review
>>>>>>                                 (on behalf of the Crypto Panel)?
>>>>>>
>>>>>>                                 Regards,
>>>>>>                                 Stanislav
>>>>>>
>>>>>>                                 On Fri, 16 Jul 2021 at 11:50,
>>>>>>                                 Stanislav V. Smyshlyaev
>>>>>>                                 <smyshsv@gmail.com> wrote:
>>>>>>
>>>>>>                                     Dear Crypto Panel Experts,
>>>>>>
>>>>>>                                     We've obtained a request for
>>>>>>                                     review of the version -21 of
>>>>>>                                     the "Alternative Elliptic
>>>>>>                                     Curve Representations" draft,
>>>>>>                                     draft-ietf-lwig-curve-representations-21,
>>>>>>                                     https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/
>>>>>>
>>>>>>
>>>>>>                                     The Crypto Panel (that was my
>>>>>>                                     review back then) provided a
>>>>>>                                     review of the -00 version
>>>>>>                                     three years ago:
>>>>>>                                     https://mailarchive.ietf.org/arch/msg/crypto-panel/1itH0lM9w0bZiADJXQkizr8JTiA/
>>>>>>
>>>>>>                                     The document has changed
>>>>>>                                     significantly since then, so
>>>>>>                                     the authors ask for a new
>>>>>>                                     review.
>>>>>>
>>>>>>                                     The chairs would like to ask
>>>>>>                                     the Crypto Panel to provide a
>>>>>>                                     review (another pair of eyes
>>>>>>                                     + reviewing all the changes
>>>>>>                                     in the document).
>>>>>>
>>>>>>                                     Any volunteers?
>>>>>>
>>>>>>                                     Regards,
>>>>>>                                     Stanislav (for CFRG Chairs)
>>>>>>
>>>>>
>>>>
>>>
>>
>
>

-- 
email:rstruik.ext@gmail.com  | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867

--------------FL5HQeo02yerpcSdtyYUVWjx
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="moz-cite-prefix"><br>
      Response to review comments on
      draft-ietf-lwig-curve-representations-21 by Rene Struik (Jan 21,
      2022)<br>
      status review: "crypto review panel" review<br>
      review request date: July 16, 2021 (by Erik Kline)<br>
      review completion date: November 12, 2021 (communicated by Karthik
      Bhargavan; actual reviewer: Ben Smith)<br>
      <br>
      Note: focus with responses to the crypto review panel review is on
      cryptographic matters. Responses bracketed by RS&gt;&gt; and
      &lt;&lt;RS<br>
      <br>
      ===<br>
      draft-ietf-lwig-curve-representations-21<br>
      ===<br>
      <br>
      [Curve representations
draft](<a class="moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/">https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/</a>)<br>
      <br>
      # Review by Benjamin Smith<br>
      <br>
      This draft specifies a series of new elliptic curves related to
      Curve25519 and Curve448, and transformations between these new
      curves and Curve25519/Curve448.  The motivation is essentially
      code re-use: legacy elliptic-curve software and hardware works
      with the classic "short Weierstrass form", often with the
      a-coefficient set to -3, but in more recent protocols and software
      we might work with Curve25519 and Curve448 in either "Montgomery
      form" or "twisted Edwards form" (depending on the protocol), for
      efficiency reasons.  On the surface, these equation forms are not
      the same, so the newer curves are incompatible with legacy ECC
      code.<br>
      <br>
      RS&gt;&gt; <br>
      Main motivation for draft is two-fold: (a) reuse of existing
      implementations; (b) reuse of existing specifications. Side
      motivation: background material useful for implementors or for
      cross-referencing with future specification work.<br>
      &lt;&lt;RS<br>
      <br>
      This document bridges the gap by writing down isomorphisms to
      short Weierstrass curves with a=-3 where such isomorphisms exist,
      and isogenies (homomorphic maps) where isomorphisms do not exist. 
      It also specifies several other curves and maps, of various levels
      of usefulness.<br>
      <br>
      I am not entirely convinced by the code re-use argument here.  I
      agree that this is an interesting goal, given the time and effort
      it takes to develop and certify cryptographic software and
      especially hardware.  But for a concrete example, suppose we have
      an existing implementation of elliptic-curve scalar multiplication on
      NIST P256, and we want to use this document to re-use that
      software for scalar multiplication on Curve25519:<br>
      <br>
      1. The curve group operations for P256 can be reused, and so
      can the scalar multiplication algorithm(s), insofar as they just
      call the curve group operations.<br>
      2. The underlying field arithmetic implementation must be
      rewritten/replaced, because these curves work modulo different
      primes.  Generally this isn't just a matter of changing a
      hard-coded value for the prime p: the different primes have been
      chosen to allow completely different optimized modular reduction
      algorithms.<br>
      3. The code to actually map points between the two curves must be
      added, and in some cases this code will be particularly large.  In
      particular, the code here to convert from Curve25519 to
      Weierstrass with a=-3 involves 9kb worth of data to define the
      isogeny (to say nothing of the code to evaluate the isogeny).<br>
      4. The protocol may need to be tweaked to deal with the implicit
      multiplication by the isogeny degree<br>
      <br>
      Comparing the small amount of code saved to the new code to be
      added, and the possible modifications to the protocol: is this
      really worth it?  If you're going to have to add a whole new field
      arithmetic implementation _and_ an extremely heavy
      isogeny-evaluation function (specified by a massive collection of
      precomputed coefficients), then maybe you would be better off just
      implementing Curve25519 properly.<br>
      <br>
      One might argue that the real benefit here would be for curve
      implementations in hardware, where changing (and re-certifying)
      designs is extremely slow, but I think that argument is defeated
      by the fact that the finite field arithmetic (the lowest level)
      still has to be rewritten.<br>
      <br>
      Ironically, therefore, this document could be read as a convincing
      argument **against** code re-use.  Of course, I might just be
      totally missing the point. In that case, since I have read all 150
      pages and still missed the point, I think this means that the
      author hasn't fully explained the point.<br>
      <br>
      RS&gt;&gt; <br>
      The above analysis seems to assume that implementors primarily aim
      for speed, which is not always the case, since it would preclude
      algorithm and domain parameter agility, and hamper reuse of
      certified modules with side-channel measures. Please see Section 6
      (Implementation Considerations), which already delves into this
      topic and discusses trade-offs between reusing existing generic
      short-Weierstrass curve implementations (e.g., a hardware-assisted
      implementation of the Brainpool curve BP-256 without hardcoded
      domain parameters) and optimizing an implementation for a
      particular new curve and domain parameters from scratch. See also
      Section 7 (Implementation Status), which gives some examples with,
      e.g., NXP chipsets and (in rev23) with code by ANSSI (the French
      information security agency). <br>
      &lt;&lt;RS<br>
      <br>
      RS&gt;&gt; <br>
      The draft requests code points for Wei25519 and Wei448 and *not*
      for the curves Wei25519.-3 and Wei448.-3. Those were discussed in
      the draft to assist practitioners who may have hardcoded a=-3
      parameters in their implementations, where using isogenies
      provides a mechanism to whip parameters into the proper shape, so
      that interfaces to a scalar multiplier could be made to work.
      Should one wish to use isogenies, the protocol tweak (#4 above) is
      minor (instead of public-key pair (k,k*G) one gets (l*k, l*k*G),
      where l is the degree of the applicable isogeny), as discussed in
      the second para of Section 3 (Use of Representation Switches). <br>
      &lt;&lt;RS<br>
      <br>
      The document is _extremely_ long, and often quite repetitive. 
      There is too much repetition of boilerplate text blocks for the
      various transformations applied to different concrete instances. 
      To give just one example: Appendix M is essentially the same as
      Appendix E, but with different curve parameters.  There must be a
      way to minimise this repetition (especially given the focus on
      code re-use!).<br>
      <br>
      RS&gt;&gt; <br>
      I would be happy to consider suggestions to streamline text, as
      long as this does not jeopardize clarity and readability by
      non-domain experts (the target audience of this draft), since - at
      present - I do not see how this can be easily done. Please bear in
      mind that this draft is aimed at humans and not machines, so I
      opted against a bunch of dense, but unreadable routines.<br>
      &lt;&lt;RS<br>
      <br>
      More structural/editorial issues:<br>
      <br>
      - Appendix I (data conversions) must already be covered elsewhere:
      it could probably be removed.<br>
      - Appendices P, and Q are basically out of scope, and should be
      removed.<br>
      - Appendix K is also essentially out of scope.<br>
      - Appendix L can also be removed: it is a long and unnecessary
      elaboration on a remark in Appendix K, and therefore out of scope.<br>
      - Appendix N seems mostly superfluous: I don't understand why this
      Edwards448 curve needs to be defined and named (we already have
      Ed448...)<br>
      <br>
      RS&gt;&gt; <br>
      I don't think any of these sections can be easily removed, without
      jeopardizing the goal of describing in a succinct way to
      practitioners how alternative representations could help them with
      implementations. As to Appendix I, I am not aware of any existing
      text that discusses data conversions, including bit- and
      byte-orderings, in a precise, complete, and error-free way, so
      decided to set the record straight; as to Appendix Q, this was
      included due to continuing misconceptions on the correct
      definition of ECDSA by some developers and imprecise
      specifications of ECDSA in, e.g., RFC 8152, when the bit-size of
      the curve group is not byte-size (see also first para of that
      appendix); As to Appendix P, again, I am not aware of any existing
      text that describes this; Appendix K provides essential routines
      for taking square roots and inverses, including some speed-ups,
      and provides a mechanism for alternative representations of random
      curve points as random bit strings (based on Mehdi Tibouchi's
      papers) (see also Section 9 (Privacy Considerations), where future
      work can easily standardize this via cross-referencing). Please
      bear in mind that most of this material has been in the draft
      since early July 2019 (yes - IETF is very slow). As to Appendix N,
      the curve Edwards448 is used with EdDSA (RFC 8032), so a relevant
      alternative representation of Curve448 for practitioners and IETF.
      <br>
      &lt;&lt;RS<br>
      <br>
      Most of the technical content is uncontroversial, and it is mostly
      correct (detailed technical comments follow).  I am not competent
      to evaluate Sections 10, 11, and 12, but I have checked the rest
      in detail.<br>
      <br>
      One key technical point: as mentioned above, the transfer between
      many of the curves here requires an isogeny (a homomorphic map)
      rather than an isomorphism (essentially a change of coordinates). 
      One of the most important isogenies here - the one from Curve25519
      to Wei25519.-3 - has degree 47.  This means that specifying it
      involves, at a minimum, a degree-23 polynomial w(x).  This
      polynomial w(x) is dense, so we need to specify (and store) 23x
      32-byte coefficients.  This obviously requires a lot of space!  I
      say "at a minimum", because two more polynomials, u(x) and v(x),
      of similar degree, are required. Mathematically they can be
      derived from w(x), but for algorithmic simplicity it may be more
      convenient to specify them in their expanded form, as is done
      here.  Then, the "dual" map from Wei25519.-3 back to Curve25519
      has its own large u, v, and w.  Ultimately, this means a *lot* of
      space: 9kB of memory in code, and 12+ pages of this document.<br>
      <br>
      Reducing this size (and evaluation time) is important if this is
      to be made practical.  I have checked, and I agree with the author
      that there is no isogeny of *prime* degree less than 47 from
      Curve25519 to a short-Weierstrass curve with a=-3.  However, there
      *is* such an isogeny of composite degree 46 (I could not find any
      lower-degree composite isogenies that do the job).  This doesn't
      look like much of an improvement on the surface, but the degree-46
      isogeny is the composite of a degree-2 isogeny (very easy to
      specify/compute) and a degree-23 isogeny (roughly half the
      coefficients and complexity compared with the 47-isogeny).  This
      means that by changing the definition of Wei25519.-3 to be the
      codomain of the 46-isogeny instead of the 47-isogeny, the time and
      space required to encode and compute the isogeny will be literally
      cut in half.  Of course, half of 9kB is still quite expensive, and
      it remains to be seen if anyone will consider this practical for
      applications, but I think it is still an improvement that the
      author might want to consider using.<br>
      <br>
      RS&gt;&gt;<br>
      Please see my earlier remark, where I indicated that I only
      requested for codepoints for the curves Wei25519 and Wei448. So,
      nothing precludes an implementor to use their favorite
      representation under the hood, whether this is a Montgomery curve,
      a twisted Edwards curve, short-Weierstrass curve with a=-3 via the
      isogeny in the draft or roll-your-own isogenies, etc. I opted
      against adding text on composition of isogenies, since the draft
      is targeted at practitioners who are not necessarily domain
      experts, and might lose them. Besides, adding this alternative
      would not change the main messages.<br>
      &lt;&lt;RS<br>
      <br>
      ## Technical remarks<br>
      <br>
      - "unequal to" should generally be replaced with "not equal to"<br>
      - most instances of "hereof" should be "thereof", though something
      less archaic than "(t)hereof" would be even better<br>
      <br>
      ### 1 Fostering Code Reuse with New Elliptic Curves<br>
      <br>
      - `we specify these curves` should probably be a bit more
      specific: "we specify the CFRG curves"?<br>
      <br>
      ### 4 Examples<br>
      <br>
      - In 4.1: `Moreover, with X25519, private keys are generated in
      the interval [2^251,2^252-1] rather than in the interval [1,n-1]
      (the so-called "clamping") and one uses as base point G':=h*G,
      where G, n, and h are, respectively, the fixed base point, the
      order of the base point, and the co-factor of the curve in
      question`: I think this is wrong.  The private keyspace for X25519
      is $S = \{2^{254} + 8k : k \in [0,2^{251}-1]\}$.  If you use the
      keyspace defined here and multiply by the cofactor 8 then this
      gives the same thing, but that's not how X25519 is specified:
      clamping produces an element of $S$, and there is no explicit
      cofactor multiplication.  We should double-check the equivalence
      of these schemes.<br>
      <br>
      RS&gt;&gt; <br>
      Section 4.1 specifies co-factor ECDH, as in all standards using
      short-Weierstrass curves, and illustrates how this works with
      Montgomery curves (in Note 1), first with all mandatory checks in
      standards (X25519+), and then as X25519 does this (with RFC7748).
      To check that this was correctly specified, simply observe that,
      with X25519, one exchanges keys X:=(h*x)*G=x*(h*G) and
      Y:=(h*y)*G=y*(h*G) and computes shared key K:=(h*x)*Y=h*x*y*(h*G)
      and take G':=h*G. The remaining text simply stipulates the relaxed
      checks on received values and relaxed way of generating a private
      key in a "half space".<br>
      &lt;&lt;RS<br>
      <br>
      - In 4.2: `One can implement the computation of the ephemeral key
      pair for Ed25519 using an existing Montgomery curve implementation
      by (1) generating a public-private key pair (k, R':=k*G') for
      Curve25519;(2) representing this public-private key as the pair
      (k, R:=k*G) for Ed25519.`  This is confusing, because $G$ and $G'$
      are not the same point.  There's also this explicit-vs-implicit
      question for Curve25519 key pairs.  Finally, "*key pair* for
      Curve25519" makes me think of Curve25519 the protocol, rather than
      Curve25519 the curve, and in the protocol the public key is only
      an x-coordinate.<br>
      <br>
      RS&gt;&gt;<br>
      I do not understand this comment. Please note that G' and G are
      the base points of Curve25519 and Ed25519, respectively, where
      Step (2) uses the isomorphic mapping from Curve25519 to Ed25519
      defined in Appendix E. Please note that (k, R':=k*G') is a random
      public-private key pair (see Appendix B.1, 4th and 5th para, and
      1000s of papers that define this), i.e., k is a random integer in
      the interval [1,n-1]. Curve25519 is a specific Montgomery curve
      (both in this draft and in RFC7748), where the DH-flavor protocol
      in RFC7748 is called X25519 (and also described in Note 1 of
      Section 4.1).<br>
      &lt;&lt;RS<br>
      <br>
      ### 5 Caveats<br>
      <br>
      - In 5.1: the u-coordinate-only compression of RFC7748 (X25519) is
      not "lossy" (the dropped v-coordinate was never part of the
      protocol or keys), unless "lossy" means that it maps the point at
      infinity and (0,0) to the same value, 0.<br>
      - In 5.3: "NOTE 1" is interesting, but also kind of pointless in
      this kind of document.<br>
      - In 5.3: "NOTE 2" makes me wonder how all these isogenies were
      found/computed.  It might be worth noting that this 2-isogeny does
      not preserve the endomorphism ring: you move one level up to the
      "crater" of the 2-volcano with this isogeny.  On a more basic
      level, the curves don't have the same abelian group structure: the
      twist of Curve25519 has a cyclic group, while the 2-isogenous
      curve has non-cyclic 2-torsion.  This is not an issue with the
      47-isogeny from Curve25519, which restricts to an isomorphism on
      groups of rational points.<br>
      <br>
      RS&gt;&gt; <br>
      I am reluctant to add any esoteric (to non-domain experts)
      language on endomorphism rings, volcanoes, torsions, and rational
      points, since this would almost surely lose the target audience
      of practitioners of this draft. Notes 1 and 2 simply illustrate
      that, with slightly different domain parameter generation methods,
      one could have provided a better fit with existing
      implementations, with zero cost in practice. As such, this
      illustrates that - were one to produce another set of domain
      parameters in the future - one should perhaps take into account
      existing implementations better. Without these notes, the audience
      might have gotten the (incorrect) impression that this would not
      be possible. The u-coordinate only compression is indeed lossy,
      since without knowledge of the v-coordinate, e.g., the generation
      method of Ed25519 keys with Curve25519 implementations as a
      subroutine (as the example of Section 4.2 does) is underspecified.
      <br>
      &lt;&lt;RS<br>
      <br>
      ### 6 Implementation considerations<br>
      <br>
      Clarification: `All NIST curves [FIPS-186-4] and Brainpool curves
      [RFC5639] are Weierstrass curves with a=-3 domain parameter, thus
      facilitating more efficient elliptic curve group operations (via
      so-called Jacobian coordinates).` - this "more efficient" is
      w.r.t. general short Weierstrass curves with a != -3.<br>
      <br>
      ### 8 Security considerations<br>
      <br>
      - `...which is either an isomorphism of a low-degree isogeny`: 47
      isn't that low (well, not unless you're a CSIDH implementer)!<br>
      - `the complexity of cryptographic problems (such as the discrete
      logarithm problem) of curves related via a low-degree isogeny are
      tightly related.  Thus, the use of these techniques does not
      negatively impact cryptogaphic security of elliptic curve
      operations.`: this can be made more precise.  The 47-isogeny is an
      isomorphism on the level of groups of points (because 47 is
      coprime to the group order), and since the groups are isomorphic
      their DLPs have equivalent difficulty.  (The 2-isogeny from the
      twist restricts to an isomorphism of the prime-order subgroups,
      which is where all the DLP difficulty comes from in that case, so
      similarly the DLPs have equivalent difficulty.)<br>
      - `the use of these techniques does not negatively impact
      cryptogaphic security of elliptic curve operations`: this might be
      true in the sense of DLP operations, but the existence of an
      isomorphism doesn't mean that things like side-channel safety
      extends from a Curve25519 implementation to a Wei25519
      implementation.  So maybe "security of elliptic curve operations"
      should be changed to something like "security of the underlying
      elliptic curve discrete logarithms"?<br>
      <br>
      RS&gt;&gt;<br>
      The computational cost of evaluating the isogenies in the draft is
      relatively negligible (roughly 3*l field multiplies with Horner
      scheme). With l=47, this yields relative incremental cost less
      than one multiply per scalar bit. Whether the term "low-degree" is
      that low is in the eye of the beholder, but allows easy statement
      on DLP complexity, without having to use technical lingo or
      "variable-itis" in this section (remember that, in Appendix B.1,
      the order h*n of the curve is such that co-factor h is relatively
      low and n is prime).<br>
      &lt;&lt;RS<br>
      <br>
      ### 14 References<br>
      <br>
      `[Wei-Ladder]` was published in PKC 2002, and there's no reason to
      cite a preprint here instead of the definitive version. 
      This reference can be updated to: Tetsuya Izu and Tsuyoshi Takagi,
      "A Fast Parallel Elliptic Curve Multiplication Resistant Against
      Side Channel Attacks", PKC 2002, Lecture Notes in Computer Science
      Vol. 2274, Springer-Verlag, 2002.<br>
      <br>
      RS&gt;&gt;<br>
      The CACR reference in the draft is an update ("postprint"?) of the
      PKC 2002 paper, but either reference does of course work.<br>
      &lt;&lt;RS<br>
      <br>
      ### Appendix B<br>
      <br>
      I'm not really sure why this is separate from Appendix A.<br>
      <br>
      - In B.1: The notation `(P)` for the subgroup generated by P is
      nonstandard and has a fair potential for confusion; `&lt;P&gt;`
      would be more typical.<br>
      - In B.1: `The order of curve E` should be "The order of *a* curve
      E"<br>
      - In B.1: `All curves of prime order are cyclic`: more generally,
      if the order is not divisible by a square &gt; 1 then the group is
      cyclic.<br>
      - In B.1: `if h*P = O (and is a high-order point otherwise); this
      point has order n` is slightly ambiguous: `the point P has order
      n` would be a little clearer.<br>
      - In B.1: `Random points R of (P), where P has order l, ...
      computing R:=k*P, where R has rder l/gcd(k,l)`: this "where"
      sounds like a restriction on R, rather than a corollary. 
      Something like `computing R:=k*P. The point R has order
      l/gcd(k,l)` would be clearer.<br>
      - In B.1: `unless k is a multipl of n`: this `n` should be an `l`,
      but then `k` cannot be a multiple of `l` unless it is zero
      (because it was sampled from [0,l-1]).<br>
      <br>
      RS&gt;&gt;<br>
      I can add the bracketed text in "In particular, if P is a
      high-order point (of curve E of order h*n)" to remind the reader
      that concepts introduced before (including h and n prime) are
      still in scope. <br>
      &lt;&lt;RS<br>
      <br>
      - In B.1: `If P is a fixed base point G of the curve...`: P is
      never used again in this paragraph (or indeed, in the rest of this
      appendix), so its appearance here is confusing. Maybe this could
      be rephrased purely in terms of G?<br>
      - In B.1: `If this representation is nonzero, R has order n`: this
      is only true for `n` prime.<br>
      - In B.1: `...|E| relatively close to q, where, in fact,
      |E|=q+1-t`: this "where" is grammatically confusing.  `...|E|
      relatively close to q. In fact, |E|=q+1-t` would be clearer.<br>
      - In B.1: `Points that are both points of E and E'` should be
      "Points that are points of both E and E'", which sounds funny
      because of the "Points that are points"; maybe `Points that are
      simultaneously in E and in E'` would be better?<br>
      - In B.1: `Two curves E and E'... are said to be isomorphic if
      these have the same group structure`: **this is wrong**.  They are
      isomorphic if there exists an isomorphism *of elliptic curves*,
      not a group isomorphism.  For example, if q is fixed and large,
      and n is a prime in the Hasse interval close to q, then there are
      O(\sqrt{q}) non-isomorphic curves of order n, all with groups of
      points isomorphic to Z/nZ.  These curves are all isogenous, but
      they are generally connected by isogenies of extremely large
      degree, which cannot be computed efficiently - so the DLP in these
      curves is not necessarily equivalent, in the sense that the DLP in
      one curve cannot necessarily be mapped into another in polynomial
      time.  There is certainly no algebraic isomorphism between the
      curves; generally, mapping points homomorphically from one group
      into another means solving DLPs!  So even though the groups are
      isomorphic, I think it is wrong (and seriously misleading) to say
      that these curves are isomorphic.<br>
      <br>
      RS&gt;&gt; <br>
      As to the definition of "isomorphism", there is a trade-off
      between precision and risk of losing an audience (hence, the "in
      this document" preamble to the 6th paragraph). I don't think the
      precise definition of isomorphism matters *for this draft* (since
      it has no impact on any other 150- pages of the document).
      Nevertheless, what if I change this as follows:<br>
      "Two curves E1 and E2 defined over the field GF(q) are said to be
      isogenous if these have the same order and are said to be
      isomorphic if the defining equation of E1 can be transformed into
      the defining equation of E2 via a so-called admissible change of
      variables. Note that isomorphic curves have necessarily the same
      order and are, thus, a special case of isogenous curves.
      Isomorphic curves have the same group structure, whereas this is
      not necessarily the case for isogenous curves. Further details are
      out of scope."?<br>
      Any suggestion that does not introduce too esoteric language
      welcome. <br>
      &lt;&lt;RS<br>
      <br>
      - In B.2: `where g^0 is the identity element 1 of GF(q)`: 1 is the
      multiplicative identity element (0 is the additive identity
      element).  It might be clearer to just say "the multiplicative
      identity element 1 of GF(q)", or even simpler "the element 1 of
      GF(q)".<br>
      - In B.2: `the set GF(q)\{0} is cyclic`: this should be `the set
      GF(q)\{0}` forms a cyclic group (a set cannot be cyclic).<br>
      - In B.2: `computing square roots and inverses in GF(q) - if these
      exist`: inverses always exist (except for 0).  I think the "if
      these exist" qualifier belongs with the square roots instead.<br>
      - In B.2: `Readers not interested in this, could simply view...`:
      remove the comma.<br>
      <br>
      <br>
      ### Appendix C<br>
      <br>
      - In C.1: `For each point P of the Weierstrass curve W_{a,b}, the
      point at infinity O serves as identity element`: the identity
      element is always defined for the group, not w.r.t. each element
      P.  This would be clearer as `On the Weierstrass curve W_{a,b},
      the point at infinity serves as identity element`.<br>
      - In C.1: `One has P + (-P) = O`: this is an example of somewhere
      where the notation `(P)` for the subgroup generated by P causes a
      bad ambiguity.<br>
      - In C.1: `...let Q:=P1 + P2, where Q is not the identity
      element.  Then Q:=(X, Y)`: Q is being defined in `Q:=P1 + P2`, so
      you can't restrict it in this way, and then the second definition
      `Q:=(X, Y)` is tautological.  Maybe this would be clearer as
      `...let Q:= P1 + P2.  If X1 = X2 and Y1 = -Y2, then Q is the
      identity element. Otherwise, Q = (X,Y), where...`<br>
      - In C.2: Exactly the same comments apply here as for C.1/short
      Weierstrass curves.<br>
      - In C.3: Same comments here as for C.1/short Weierstrass curves.<br>
      <br>
      ### Appendix D<br>
      <br>
      - In D.1: `while mapping each other point (u,v) of M_{A,B} to the
      point (x,y):=(u/v,(u-1)/(u+1)) of E_{a,d}`: what about the two
      points of order two on M_{A,B} not equal to (0,0) (i.e., the
      points where v = 0 but u != 0)?  The image is not defined.  This
      situation may be covered/prohibited by the Note on twisted Edwards
      curves, but no such condition was imposed on the Montgomery curves
      here...<br>
      - In D.2: `Note that not all Weierstrass curves can be injectively
      mapped to Montgomery curves`: I don't think the "injectively"
      makes any sense here.  Some Weierstrass curves cannot be
      transformed into Montgomery form in any way.  Also note that
      having a point of order 2 is necessary *but not sufficient* for
      the existence of a Montgomery model.<br>
      <br>
      RS&gt;&gt;<br>
      With the draft, any construction involving twisted Edwards curve
      is supposed to be subject to the Note of Appendix C.3 (a square in
      GF(q), d not). To remove any unclarity, I will add <br>
      "Note that this is well-defined, since neither (A-2)/B nor A^2-4
      are squares in GF(q), so M_{A,B} has a single point of order two
      and no affine points (u,v) with u=-1." and "Note that this is
      well-defined, since for points (x,y) of E_{a,d}, x=0 only if
      y=(+/-)1." to the mapping and inverse mapping, respectively.<br>
      &lt;&lt;RS<br>
      <br>
      ### Appendix E<br>
      <br>
      - In E.2: `as a shift of (p+A)/3 for the isomorphic mapping and
      -(p+A)/3 for its inverse, where delta=(p+A)/3 is...`: this should
      probably be `as a shift of delta for the isomorphic mapping and
      -delta for its inverse, where delta:=(p+A)/3 is...`<br>
      <br>
      ### Appendix H<br>
      <br>
      - `Point decompression... where one tries and recover` should be
      `where one tries to recover`<br>
      - `from its compressed representation and information on the
      domain parameters of the curve`: <br>
      <br>
      ### Appendix J<br>
      <br>
      It would be good if the base points on the various curves were
      mapped onto each other by the isomorphisms/isogenies defined
      above; this is probably the case, but it should still be mentioned
      explicitly here. <br>
      <br>
      RS&gt;&gt; <br>
      This is indeed the case. The domain parameters and relationships
      between base points between various curve models are all specified
      in Section E.2 and G.2. Same with Curve448 and family members.<br>
      &lt;&lt;RS<br>
      <br>
      ### Appendix K<br>
      <br>
      - I'm really not convinced that this is necessary: it's long, it's
      repetitive, it's of marginal interest, and it doesn't fit with the
      code-reuse/mapping theme of the main document (except for the
      mapping into the twisted Edwards curve).  These maps are not
      operations of primary interest, so this appendix amounts to 11
      highly technical pages worth of bloat. I really don't understand
      the motivation for including this in this document. <br>
      - In K.2: It would be worth mentioning that the "Fermat" inversion
      1/y = y^{q-2} in GF(q) works also for q = p prime, and that it is
      easier to implement in constant-time (where this is
      relevant/required).<br>
      - In K.4.1: `If t is an element of GF(q) that is not a square...
      yields an affine point P(t)... Let P0:=(X0,Y0) be a fixed affine
      point of W_{a,b} for which neither P0, P0 + P(t), not P0 - P(t) is
      in the small subgroup`: it should be made clear that this property
      is supposed to hold *for all nonsquare t*.<br>
      - In K.4.2: Same remark as above for K.4.1<br>
      <br>
      ### Appendix L<br>
      <br>
      `This section illustrates how isogenies can be used to yield
      curves with specific properties (here, illustrated for the
      "BitCoin" curve secp256k1).`  What are these specific properties
      in this instance?  The new curve secp256k1.m is not in Montgomery
      form, does not have a = -3 or -1, does not have particularly nice
      coefficients...  We have to go back to NOTE 2 of Appendix K to
      find out that the objective here is just to map from secp256k1 to
      a Weierstrass curve with nonzero a and b coefficients.  This can
      only be achieved with an isogeny, not an isomorphism, but then why
      not transform into one of these more "useful"
      restricted-short-Weierstrass models (e.g. a = 1 or a = -3)?  That
      would be more coherent with the "code re-use" motivation of the
      document.  If all you want is nonzero coefficients then virtually
      any rational isogeny would do the job, and that reduces this
      entire appendix to an extra sentence in NOTE 2 of Appendix K.<br>
      <br>
      RS&gt;&gt; <br>
      For secp256k1, the concrete instantiation of the isogeny used with
      the constructions in Appendix K is essential: without this, one
      only obtains abstract function families, with a nondescript
      isogeny as parameter. This draft is targeted at practitioners who
      (should) care about details of practical choices.<br>
      &lt;&lt;RS<br>
      <br>
      ### Appendix M<br>
      <br>
      - In M.1: `with as base point the point (Gx, Gy)` should be `with
      base point (Gx, Gy)`.<br>
      - Same for the `with as base point the point (GX, GY)`.<br>
      - In M.2: Same "delta" comment as for E.2.<br>
      <br>
      ### Appendix N<br>
      <br>
      What is the point of Edwards448? Is this just some intermediate
      curve?  Does this curve really need to be named and specified?<br>
      <br>
      RS&gt;&gt;<br>
      See previous remark: Edwards448 is used with EdDSA (RFC 8032), so
      of practical interest.<br>
      &lt;&lt;RS</div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">On 2021-11-12 8:28 a.m., Karthikeyan
      Bhargavan wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:3B440D27-2490-4050-BDA0-4D0700FB8944@gmail.com">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <br class="">
      <div>Hello All,</div>
      <div><br class="">
      </div>
      <div>Below is a detailed technical review of <span
          style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);"
          class="">draft-ietf-lwig-curve-representations-21 by Benjamin
          Smith (cc-ed).</span></div>
      <div>
        <div style="word-wrap: break-word; -webkit-nbsp-mode: space;
          line-break: after-white-space;" class="">
          <div class=""><br class="">
          </div>
          <div class="">I discussed this review with Ben and agree with
            his concerns and it would be great if the authors could
            address his questions.</div>
          <div class=""><br class="">
          </div>
          <div class="">In particular, I feel the code reuse motivation
            needs to be better justified.</div>
          <div class="">One way to do this would be to extend
            Implementation Considerations (and/or Implementation Status)
            with concrete examples of code reuse in Wei25519
            implementations, quantified in lines of code, for example.</div>
          <div class="">If most of the code in these implementations is
            in the field arithmetic, which can be reused between
            representations anyway, the argument for this draft becomes
            less compelling.</div>
          <div class=""><br class="">
          </div>
        </div>
      </div>
    </blockquote>
    <p>RS&gt;&gt; <br>
    </p>
    <p>Simple question: how does one instantiate ECDSA with SHA-256 and
      Wei25519, where this could use Curve25519 under the hood, without
      actually doing the work? I do not understand how lines of code
      would be relevant as a metric here (some of this is dealt with in
      Section 6 (Implementation Considerations) and Section 7
      (Implementation Status) of the draft, though).<br>
    </p>
    <p>&lt;&lt;RS<br>
    </p>
    <blockquote type="cite"
      cite="mid:3B440D27-2490-4050-BDA0-4D0700FB8944@gmail.com">
      <div>
        <div style="word-wrap: break-word; -webkit-nbsp-mode: space;
          line-break: after-white-space;" class="">
          <div class="">Best regards,</div>
          <div class="">Karthik</div>
          <div class=""><br class="">
          </div>
          [snip]
          <div class="">
            <div class=""><br class="">
            </div>
            <div class=""><br class="">
              <blockquote type="cite" class="">
                <div class="">On 12 Nov 2021, at 08:42, Stanislav V.
                  Smyshlyaev &lt;<a href="mailto:smyshsv@gmail.com"
                    class="moz-txt-link-freetext" moz-do-not-send="true">smyshsv@gmail.com</a>&gt;
                  wrote:</div>
                <br class="Apple-interchange-newline">
                <div class="">
                  <div dir="ltr" class="">Thanks, we'll be looking
                    forward to it.
                    <div class=""><br class="">
                    </div>
                    <div class="">Regards,</div>
                    <div class="">Stanislav</div>
                  </div>
                  <br class="">
                  <div class="gmail_quote">
                    <div dir="ltr" class="gmail_attr">On Fri, 12 Nov
                      2021 at 10:35, Karthikeyan Bhargavan &lt;<a
                        href="mailto:karthik.bhargavan@gmail.com"
                        class="moz-txt-link-freetext"
                        moz-do-not-send="true">karthik.bhargavan@gmail.com</a>&gt;
                      wrote:<br class="">
                    </div>
                    <blockquote class="gmail_quote" style="margin:0px
                      0px 0px 0.8ex;border-left:1px solid
                      rgb(204,204,204);padding-left:1ex">
                      <div style="overflow-wrap: break-word;" class="">Sorry
                        about this, am pushing my colleague and we’ll
                        get it done.<br class="">
                        <div class=""><br class="">
                          <blockquote type="cite" class="">
                            <div class="">On 12 Nov 2021, at 07:35,
                              Stanislav V. Smyshlyaev &lt;<a
                                href="mailto:smyshsv@gmail.com"
                                target="_blank"
                                class="moz-txt-link-freetext"
                                moz-do-not-send="true">smyshsv@gmail.com</a>&gt;
                              wrote:</div>
                            <br class="">
                            <div class="">
                              <div dir="ltr" class="">Hi Karthik,
                                <div class=""><br class="">
                                </div>
                                <div class="">&gt;&gt; We’ll send our
                                  review early next week.</div>
                                <div class="">The authors keep asking me
                                  about the review - could you please
                                  finish it today (it is already later
                                  than "early this week" :) )?..</div>
                                <div class=""><br class="">
                                </div>
                                <div class="">Regards,</div>
                                <div class="">Stanislav</div>
                              </div>
                              <br class="">
                              <div class="gmail_quote">
                                <div dir="ltr" class="gmail_attr">On
                                  Sat, 6 Nov 2021 at 01:55, Stanislav V.
                                  Smyshlyaev &lt;<a
                                    href="mailto:smyshsv@gmail.com"
                                    target="_blank"
                                    class="moz-txt-link-freetext"
                                    moz-do-not-send="true">smyshsv@gmail.com</a>&gt;
                                  wrote:<br class="">
                                </div>
                                <blockquote class="gmail_quote"
                                  style="margin:0px 0px 0px
                                  0.8ex;border-left:1px solid
                                  rgb(204,204,204);padding-left:1ex">
                                  <div dir="auto" class="">Thank you,
                                    Karthik!</div>
                                  <div dir="auto" class=""><br class="">
                                  </div>
                                  <div dir="auto" class="">Regards,</div>
                                  <div dir="auto" class="">Stanislav </div>
                                  <div class=""><br class="">
                                    <div class="gmail_quote">
                                      <div dir="ltr" class="gmail_attr">On
                                        Sat, 6 Nov 2021 at 00:33,
                                        Karthikeyan Bhargavan &lt;<a
                                          href="mailto:karthik.bhargavan@gmail.com"
                                          target="_blank"
                                          class="moz-txt-link-freetext"
                                          moz-do-not-send="true">karthik.bhargavan@gmail.com</a>&gt;
                                        wrote:<br class="">
                                      </div>
                                      <blockquote class="gmail_quote"
                                        style="margin:0px 0px 0px
                                        0.8ex;border-left:1px solid
                                        rgb(204,204,204);padding-left:1ex">
                                        <div class="">Hi Stanislav,
                                          <div class=""><br class="">
                                          </div>
                                          <div class="">My colleague and
                                            I dropped the ball on this,
                                            but have made progress this
                                            week.</div>
                                          <div class="">We’ll send our
                                            review early next week.</div>
                                          <div class=""><br class="">
                                          </div>
                                          <div class="">-Karthik</div>
                                          <div class="">
                                            <div class=""><br class="">
                                              <blockquote type="cite"
                                                class="">
                                                <div class="">On 5 Nov
                                                  2021, at 19:27,
                                                  Stanislav V.
                                                  Smyshlyaev &lt;<a
                                                    href="mailto:smyshsv@gmail.com"
                                                    target="_blank"
                                                    class="moz-txt-link-freetext"
moz-do-not-send="true">smyshsv@gmail.com</a>&gt; wrote:</div>
                                                <br class="">
                                                <div class="">
                                                  <div dir="auto"
                                                    class="">(CC’ing the
                                                    second Karthik’s
                                                    address that I am
                                                    aware of.)</div>
                                                  <div dir="auto"
                                                    class=""><br
                                                      class="">
                                                  </div>
                                                  <div dir="auto"
                                                    class="">Karthik,
                                                    please let me know
                                                    about the status of
                                                    your review. The
                                                    authors have already
                                                    asked us about the
                                                    status of their
                                                    review today, so my
                                                    question to you
                                                    yesterday was
                                                    reasonable. </div>
                                                  <div dir="auto"
                                                    class=""><br
                                                      class="">
                                                  </div>
                                                  <div dir="auto"
                                                    class="">Regards, </div>
                                                  <div dir="auto"
                                                    class="">Stanislav </div>
                                                  <div class=""><br
                                                      class="">
                                                    <div
                                                      class="gmail_quote">
                                                      <div dir="ltr"
                                                        class="gmail_attr">On
                                                        Thu, 4 Nov 2021
                                                        at 20:50,
                                                        Stanislav V.
                                                        Smyshlyaev &lt;<a
href="mailto:smyshsv@gmail.com" target="_blank"
                                                          class="moz-txt-link-freetext"
moz-do-not-send="true">smyshsv@gmail.com</a>&gt; wrote:<br class="">
                                                      </div>
                                                      <blockquote
                                                        class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid
                                                        rgb(204,204,204);padding-left:1ex">
                                                        <div dir="auto"
                                                          class="">Dear
                                                          Karthik,</div>
                                                        <div dir="auto"
                                                          class=""><br
                                                          class="">
                                                        </div>
                                                        <div dir="auto"
                                                          class="">I may
                                                          be missing
                                                          something
                                                          here, but
                                                          could you
                                                          please remind
                                                          me whether you
                                                          had sent a
                                                          review for
                                                          that
                                                          document?..</div>
                                                        <div dir="auto"
                                                          class=""><br
                                                          class="">
                                                        </div>
                                                        <div dir="auto"
                                                          class="">Regards,</div>
                                                        <div dir="auto"
                                                          class="">Stanislav </div>
                                                        <div class=""><br
                                                          class="">
                                                          <div
                                                          class="gmail_quote">
                                                          <div dir="ltr"
class="gmail_attr">On Wed, 11 Aug 2021 at 17:01, Stanislav V. Smyshlyaev
                                                          &lt;<a
                                                          href="mailto:smyshsv@gmail.com"
target="_blank" class="moz-txt-link-freetext" moz-do-not-send="true">smyshsv@gmail.com</a>&gt;
                                                          wrote:<br
                                                          class="">
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid
                                                          rgb(204,204,204);padding-left:1ex">
                                                          <div dir="ltr"
                                                          class="">In my
                                                          opinion, it
                                                          will be
                                                          absolutely
                                                          fine, taking
                                                          the size of
                                                          the document
                                                          into account.
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Thank
                                                          you, Karthik!</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Regards,</div>
                                                          <div class="">Stanislav
                                                          (on behalf of
                                                          the CFRG
                                                          Chairs)</div>
                                                          </div>
                                                          <br class="">
                                                          <div
                                                          class="gmail_quote">
                                                          <div dir="ltr"
class="gmail_attr">On Wed, 11 Aug 2021 at 16:58, Karthikeyan Bhargavan
                                                          &lt;<a
                                                          href="mailto:karthik.bhargavan@gmail.com"
target="_blank" class="moz-txt-link-freetext" moz-do-not-send="true">karthik.bhargavan@gmail.com</a>&gt;
                                                          wrote:<br
                                                          class="">
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid
                                                          rgb(204,204,204);padding-left:1ex">
                                                          <div class="">Is
                                                          1 month too
                                                          long a wait?<br
                                                          class="">
                                                          <div class=""><br
                                                          class="">
                                                          <blockquote
                                                          type="cite"
                                                          class="">
                                                          <div class="">On
                                                          11 Aug 2021,
                                                          at 09:52,
                                                          Stanislav V.
                                                          Smyshlyaev
                                                          &lt;<a
                                                          href="mailto:smyshsv@gmail.com"
target="_blank" class="moz-txt-link-freetext" moz-do-not-send="true">smyshsv@gmail.com</a>&gt;
                                                          wrote:</div>
                                                          <br class="">
                                                          <div class="">
                                                          <div dir="ltr"
                                                          class="">Great,
                                                          thanks!
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">How
                                                          much time
                                                          will you need
                                                          for this
                                                          (taking 146
                                                          pages into
                                                          account)? </div>
                                                          <div class="">I
                                                          would like to
                                                          send a message
                                                          to the authors
                                                          (CC'ing
                                                          crypto-panel
                                                          mailing list).</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Regards,<br
                                                          class="">
                                                          Stanislav</div>
                                                          </div>
                                                          <br class="">
                                                          <div
                                                          class="gmail_quote">
                                                          <div dir="ltr"
class="gmail_attr">On Wed, 11 Aug 2021 at 16:43, Karthikeyan Bhargavan
                                                          &lt;<a
                                                          href="mailto:karthik.bhargavan@gmail.com"
target="_blank" class="moz-txt-link-freetext" moz-do-not-send="true">karthik.bhargavan@gmail.com</a>&gt;
                                                          wrote:<br
                                                          class="">
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid
                                                          rgb(204,204,204);padding-left:1ex">
                                                          <div class="">Sure,
                                                          I got a
                                                          request on
                                                          another thread
                                                          as well and can
                                                          do this (with
                                                          help from some
                                                          colleagues.)
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">-K.<br
                                                          class="">
                                                          <div class=""><br
                                                          class="">
                                                          <blockquote
                                                          type="cite"
                                                          class="">
                                                          <div class="">On
                                                          11 Aug 2021,
                                                          at 09:39,
                                                          Stanislav V.
                                                          Smyshlyaev
                                                          &lt;<a
                                                          href="mailto:smyshsv@gmail.com"
target="_blank" class="moz-txt-link-freetext" moz-do-not-send="true">smyshsv@gmail.com</a>&gt;
                                                          wrote:</div>
                                                          <br class="">
                                                          <div class="">
                                                          <div dir="ltr"
                                                          class="">
                                                          <div dir="ltr"
                                                          class="">Karthik,
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Can
                                                          you do a
                                                          review of this
                                                          document (as a
                                                          Crypto Review
                                                          Panel member)?</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Regards,</div>
                                                          <div class="">Stanislav</div>
                                                          </div>
                                                          <br class="">
                                                          <div
                                                          class="gmail_quote">
                                                          <div dir="ltr" class="gmail_attr">On Fri, 6 Aug 2021 at 12:46, Stanislav V. Smyshlyaev &lt;<a href="mailto:smyshsv@gmail.com" target="_blank" class="moz-txt-link-freetext" moz-do-not-send="true">smyshsv@gmail.com</a>&gt; wrote:<br class="">
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid
                                                          rgb(204,204,204);padding-left:1ex">
                                                          <div dir="ltr" class="">Dear Karthik,
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Nick, Alexey and I have had some discussion about reviewing the "Alternative Elliptic Curve Representations" draft, draft-ietf-lwig-curve-representations-21, <a href="https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/" target="_blank" class="moz-txt-link-freetext" moz-do-not-send="true">https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/</a> - may we ask you to do the review (on behalf of the Crypto Panel)?</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Regards,</div>
                                                          <div class="">Stanislav</div>
                                                          </div>
                                                          <br class="">
                                                          <div
                                                          class="gmail_quote">
                                                          <div dir="ltr" class="gmail_attr">On Fri, 16 Jul 2021 at 11:50, Stanislav V. Smyshlyaev &lt;<a href="mailto:smyshsv@gmail.com" target="_blank" class="moz-txt-link-freetext" moz-do-not-send="true">smyshsv@gmail.com</a>&gt; wrote:<br class="">
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid
                                                          rgb(204,204,204);padding-left:1ex">
                                                          <div dir="ltr" class="">Dear Crypto Panel Experts,
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">We've obtained a request for review of the version -21 of the "Alternative Elliptic Curve Representations" draft, draft-ietf-lwig-curve-representations-21, <a href="https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/" target="_blank" class="moz-txt-link-freetext" moz-do-not-send="true">https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/</a>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">The Crypto Panel (that was my review back then) provided a review of the -00 version three years ago:</div>
                                                          <div class=""><a
href="https://mailarchive.ietf.org/arch/msg/crypto-panel/1itH0lM9w0bZiADJXQkizr8JTiA/"
target="_blank" class="moz-txt-link-freetext" moz-do-not-send="true">https://mailarchive.ietf.org/arch/msg/crypto-panel/1itH0lM9w0bZiADJXQkizr8JTiA/</a><br
                                                          class="">
                                                          </div>
                                                          </div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">The document has changed significantly since then, so the authors ask for a new review. </div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">The chairs would like to ask the Crypto Panel to provide a review (another pair of eyes + reviewing all the changes in the document).</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Any volunteers?</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Regards,</div>
                                                          <div class="">Stanislav (for CFRG Chairs)</div>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          <br class="">
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          <br class="">
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                        </div>
                                                      </blockquote>
                                                    </div>
                                                  </div>
                                                </div>
                                              </blockquote>
                                            </div>
                                            <br class="">
                                          </div>
                                        </div>
                                      </blockquote>
                                    </div>
                                  </div>
                                </blockquote>
                              </div>
                            </div>
                          </blockquote>
                        </div>
                        <br class="">
                      </div>
                    </blockquote>
                  </div>
                </div>
              </blockquote>
            </div>
            <br class="">
          </div>
        </div>
      </div>
      <br class="">
    </blockquote>
    <p><br>
    </p>
    <pre class="moz-signature" cols="72">-- 
email: <a class="moz-txt-link-abbreviated" href="mailto:rstruik.ext@gmail.com">rstruik.ext@gmail.com</a> | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867</pre>
  </body>
</html>

--------------FL5HQeo02yerpcSdtyYUVWjx--


From nobody Thu Jan 27 22:20:14 2022
Return-Path: <smyshsv@gmail.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16FCB3A1E6D for <crypto-panel@ietfa.amsl.com>; Thu, 27 Jan 2022 22:20:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level: 
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pkpENXhClVDQ for <crypto-panel@ietfa.amsl.com>; Thu, 27 Jan 2022 22:20:07 -0800 (PST)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DB233A1E6F for <crypto-panel@irtf.org>; Thu, 27 Jan 2022 22:20:07 -0800 (PST)
Received: by mail-ed1-x52c.google.com with SMTP id p12so7695385edq.9 for <crypto-panel@irtf.org>; Thu, 27 Jan 2022 22:20:07 -0800 (PST)
X-Received: by 2002:a05:6402:1910:: with SMTP id e16mr6785160edz.168.1643350804510;  Thu, 27 Jan 2022 22:20:04 -0800 (PST)
MIME-Version: 1.0
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Fri, 28 Jan 2022 09:19:46 +0300
Message-ID: <CAMr0u6kjVZs-v1RxU9i4CjQzpXzkgfnOiH=bfyvHKuNzBt3gkA@mail.gmail.com>
To: crypto-panel@irtf.org
Cc: cfrg-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f1baf905d69e6ca1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/2i4GOAn6vGVKNlSLOxp_wsdq1Fs>
Subject: [Crypto-panel] Request for review of two erratas opened against RFC 8032 (EdDSA)
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jan 2022 06:20:12 -0000

--000000000000f1baf905d69e6ca1
Content-Type: text/plain; charset="UTF-8"

Dear Crypto Review Panel experts,

We've received a request to have a closer look at two errata opened against
RFC 8032: https://www.rfc-editor.org/errata/eid5758,
https://www.rfc-editor.org/errata/eid5759.

Previously these two errata were rejected since no mistakes in the current
text of the draft had been found. At the same time, the two errata might
provide more effective ways for square-roots-mod-p.

We would like to ask a Crypto Panel expert (or two experts) to check the
proposed formulas, i.e., to verify that they are correct and more effective
(always or in a vast majority of cases).

Any volunteers?

Best regards,
Stanislav (for chairs)


--000000000000f1baf905d69e6ca1--


From nobody Fri Jan 28 03:23:17 2022
Return-Path: <chloemartindale@gmail.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9763A3A0CF0 for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 03:23:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hCFCCqNGT9lw for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 03:23:09 -0800 (PST)
Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 285913A0CEB for <crypto-panel@irtf.org>; Fri, 28 Jan 2022 03:23:09 -0800 (PST)
Received: by mail-yb1-xb30.google.com with SMTP id k31so17516554ybj.4 for <crypto-panel@irtf.org>; Fri, 28 Jan 2022 03:23:09 -0800 (PST)
X-Received: by 2002:a05:6902:1148:: with SMTP id p8mr264667ybu.553.1643368987699;  Fri, 28 Jan 2022 03:23:07 -0800 (PST)
MIME-Version: 1.0
References: <CAMr0u6kjVZs-v1RxU9i4CjQzpXzkgfnOiH=bfyvHKuNzBt3gkA@mail.gmail.com>
In-Reply-To: <CAMr0u6kjVZs-v1RxU9i4CjQzpXzkgfnOiH=bfyvHKuNzBt3gkA@mail.gmail.com>
From: Chloe Martindale <chloemartindale@gmail.com>
Date: Fri, 28 Jan 2022 11:22:56 +0000
Message-ID: <CAL+7JtRcKOWAkE6YhA9hDjKvT0TQ+A6319uYhZgf=RJBD2oBoQ@mail.gmail.com>
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Cc: crypto-panel@irtf.org, cfrg-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000bf2d6905d6a2a851"
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/ZVwaa4pMvTudmasf1Yz1kpKCiHo>
Subject: Re: [Crypto-panel] Request for review of two erratas opened against RFC 8032 (EdDSA)
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jan 2022 11:23:15 -0000

--000000000000bf2d6905d6a2a851
Content-Type: text/plain; charset="UTF-8"

Hi all,

I can take a look at this.

All the best,
Chloe

On Fri, 28 Jan 2022 at 06:20, Stanislav V. Smyshlyaev <smyshsv@gmail.com>
wrote:

> Dear Crypto Review Panel experts,
>
> We've received a request to have a closer look at two errata opened
> against RFC 8032: https://www.rfc-editor.org/errata/eid5758,
> https://www.rfc-editor.org/errata/eid5759.
>
> Previously these two errata were rejected since no mistakes in the current
> text of the draft had been found. At the same time, the two errata might
> provide more effective ways for square-roots-mod-p.
>
> We would like to ask a Crypto Panel expert (or two experts) to check the
> proposed formulas, i.e., to verify that they are correct and more effective
> (always or in a vast majority of cases).
>
> Any volunteers?
>
> Best regards,
> Stanislav (for chairs)
>


--000000000000bf2d6905d6a2a851--


From nobody Fri Jan 28 03:32:08 2022
Return-Path: <smyshsv@gmail.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10EB33A0D50 for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 03:32:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PI6sunGBY07c for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 03:32:01 -0800 (PST)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 174293A0D46 for <crypto-panel@irtf.org>; Fri, 28 Jan 2022 03:32:00 -0800 (PST)
Received: by mail-ej1-x635.google.com with SMTP id me13so14939160ejb.12 for <crypto-panel@irtf.org>; Fri, 28 Jan 2022 03:32:00 -0800 (PST)
X-Received: by 2002:a17:906:2e8b:: with SMTP id o11mr6509918eji.241.1643369518499;  Fri, 28 Jan 2022 03:31:58 -0800 (PST)
MIME-Version: 1.0
References: <CAMr0u6kjVZs-v1RxU9i4CjQzpXzkgfnOiH=bfyvHKuNzBt3gkA@mail.gmail.com> <CAL+7JtRcKOWAkE6YhA9hDjKvT0TQ+A6319uYhZgf=RJBD2oBoQ@mail.gmail.com>
In-Reply-To: <CAL+7JtRcKOWAkE6YhA9hDjKvT0TQ+A6319uYhZgf=RJBD2oBoQ@mail.gmail.com>
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Fri, 28 Jan 2022 14:31:40 +0300
Message-ID: <CAMr0u6=uFNmDbmhz27m=snDCY5c3771ApRrErjjtjbu_J0Ez5g@mail.gmail.com>
To: Chloe Martindale <chloemartindale@gmail.com>
Cc: crypto-panel@irtf.org, cfrg-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000628bf005d6a2c878"
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/_XLDkMyT7rgVnJJVYV1yUJO8iJg>
Subject: Re: [Crypto-panel] Request for review of two erratas opened against RFC 8032 (EdDSA)
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jan 2022 11:32:06 -0000

--000000000000628bf005d6a2c878
Content-Type: text/plain; charset="UTF-8"

Great, thanks a lot, Chloe!

Regards,
Stanislav

On Fri, 28 Jan 2022 at 14:23, Chloe Martindale <chloemartindale@gmail.com>
wrote:

> Hi all,
>
> I can take a look at this.
>
> All the best,
> Chloe
>
> On Fri, 28 Jan 2022 at 06:20, Stanislav V. Smyshlyaev <smyshsv@gmail.com>
> wrote:
>
>> Dear Crypto Review Panel experts,
>>
>> We've received a request to have a closer look at two errata opened
>> against RFC 8032: https://www.rfc-editor.org/errata/eid5758,
>> https://www.rfc-editor.org/errata/eid5759.
>>
>> Previously these two errata were rejected since no mistakes in the
>> current text of the draft had been found. At the same time, the two errata
>> might provide more effective ways for square-roots-mod-p.
>>
>> We would like to ask a Crypto Panel expert (or two experts) to check the
>> proposed formulas, i.e., to verify that they are correct and more effective
>> (always or in a vast majority of cases).
>>
>> Any volunteers?
>>
>> Best regards,
>> Stanislav (for chairs)
>>
>


--000000000000628bf005d6a2c878--


From nobody Fri Jan 28 04:43:05 2022
Return-Path: <thomas.pornin@nccgroup.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7DDD3A1168 for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 04:43:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level: 
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nccgroup.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MQCjhWoJP_S6 for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 04:42:58 -0800 (PST)
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2080.outbound.protection.outlook.com [40.107.92.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EF193A1169 for <crypto-panel@irtf.org>; Fri, 28 Jan 2022 04:42:58 -0800 (PST)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
Received: from DM6PR06MB6187.namprd06.prod.outlook.com (2603:10b6:5:126::28) by DM8PR06MB7800.namprd06.prod.outlook.com (2603:10b6:8:3f::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4930.15; Fri, 28 Jan 2022 12:42:55 +0000
Received: from DM6PR06MB6187.namprd06.prod.outlook.com ([fe80::c878:f32b:41d3:e0f8]) by DM6PR06MB6187.namprd06.prod.outlook.com ([fe80::c878:f32b:41d3:e0f8%5]) with mapi id 15.20.4930.019; Fri, 28 Jan 2022 12:42:55 +0000
From: Thomas Pornin <thomas.pornin@nccgroup.com>
To: Chloe Martindale <chloemartindale@gmail.com>, "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
CC: "crypto-panel@irtf.org" <crypto-panel@irtf.org>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
Thread-Topic: EXTERNAL: Re: [Crypto-panel] Request for review of two erratas opened against RFC 8032 (EdDSA)
Thread-Index: AQHYFDmiQ4GwaypE202HFmpw6eXVYqx4DNIA
Date: Fri, 28 Jan 2022 12:42:54 +0000
Message-ID: <F341E490-1A0A-4A41-81ED-3C9254B74713@nccgroup.com>
References: <CAMr0u6kjVZs-v1RxU9i4CjQzpXzkgfnOiH=bfyvHKuNzBt3gkA@mail.gmail.com> <CAL+7JtRcKOWAkE6YhA9hDjKvT0TQ+A6319uYhZgf=RJBD2oBoQ@mail.gmail.com>
In-Reply-To: <CAL+7JtRcKOWAkE6YhA9hDjKvT0TQ+A6319uYhZgf=RJBD2oBoQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nccgroup.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 90465eb0-69ce-4ddd-0de4-08d9e25bb4aa
x-ms-traffictypediagnostic: DM8PR06MB7800:EE_
x-microsoft-antispam-prvs: <DM8PR06MB78003AC01B6244F1720EDB5D82229@DM8PR06MB7800.namprd06.prod.outlook.com>
campaign: C_Default
signature: S_NoSignature
disclaimer: D_NoDisclaimer
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
Content-Type: multipart/alternative; boundary="_000_F341E4901A0A4A4181ED3C9254B74713nccgroupcom_"
MIME-Version: 1.0
X-OriginatorOrg: nccgroup.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR06MB6187.namprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 90465eb0-69ce-4ddd-0de4-08d9e25bb4aa
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jan 2022 12:42:54.9330 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a41111be-486b-45f6-8bd0-ee01a62f368e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR06MB7800
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/_ae8s5Xj8tIZLbNbucURvr0Kdig>
Subject: Re: [Crypto-panel] EXTERNAL: Re: Request for review of two erratas opened against RFC 8032 (EdDSA)
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jan 2022 12:43:04 -0000

--_000_F341E4901A0A4A4181ED3C9254B74713nccgroupcom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_F341E4901A0A4A4181ED3C9254B74713nccgroupcom_--


From nobody Fri Jan 28 04:45:37 2022
Return-Path: <smyshsv@gmail.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2F9E3A117D for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 04:45:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level: 
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1wTj-j33s0ei for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 04:45:30 -0800 (PST)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D4663A117E for <crypto-panel@irtf.org>; Fri, 28 Jan 2022 04:45:30 -0800 (PST)
Received: by mail-ed1-x531.google.com with SMTP id j23so9628085edp.5 for <crypto-panel@irtf.org>; Fri, 28 Jan 2022 04:45:30 -0800 (PST)
X-Received: by 2002:aa7:ca04:: with SMTP id y4mr8275041eds.73.1643373927757; Fri, 28 Jan 2022 04:45:27 -0800 (PST)
MIME-Version: 1.0
References: <CAMr0u6kjVZs-v1RxU9i4CjQzpXzkgfnOiH=bfyvHKuNzBt3gkA@mail.gmail.com> <CAL+7JtRcKOWAkE6YhA9hDjKvT0TQ+A6319uYhZgf=RJBD2oBoQ@mail.gmail.com> <F341E490-1A0A-4A41-81ED-3C9254B74713@nccgroup.com>
In-Reply-To: <F341E490-1A0A-4A41-81ED-3C9254B74713@nccgroup.com>
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Fri, 28 Jan 2022 15:45:09 +0300
Message-ID: <CAMr0u6kgNmNULroh7xTZa_40uMC7L7s_OYge6AJVjdgCU4i-bw@mail.gmail.com>
To: Thomas Pornin <thomas.pornin=40nccgroup.com@dmarc.ietf.org>
Cc: Chloe Martindale <chloemartindale@gmail.com>,  "crypto-panel@irtf.org" <crypto-panel@irtf.org>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000327aa305d6a3cf6b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/934UKFH-5svcTAoESNPuM8_Ual4>
Subject: Re: [Crypto-panel] EXTERNAL: Re: Request for review of two erratas opened against RFC 8032 (EdDSA)
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jan 2022 12:45:36 -0000

--000000000000327aa305d6a3cf6b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thank you, Thomas!

Regards,
Stanislav

On Fri, 28 Jan 2022 at 15:43, Thomas Pornin
<thomas.pornin=40nccgroup.com@dmarc.ietf.org> wrote:

> I will have a look too. This looks weird.
>
>
>
> Thomas
>
>
>
> *From: *Crypto-panel <crypto-panel-bounces@irtf.org> on behalf of Chloe
> Martindale <chloemartindale@gmail.com>
> *Date: *Friday, January 28, 2022 at 06:24
> *To: *"Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
> *Cc: *"crypto-panel@irtf.org" <crypto-panel@irtf.org>, "
> cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
> *Subject: *EXTERNAL: Re: [Crypto-panel] Request for review of two erratas
> opened against RFC 8032 (EdDSA)
>
>
>
> Hi all,
>
>
>
> I can take a look at this.
>
>
>
> All the best,
>
> Chloe
>
>
>
> On Fri, 28 Jan 2022 at 06:20, Stanislav V. Smyshlyaev <smyshsv@gmail.com>
> wrote:
>
> Dear Crypto Review Panel experts,
>
>
>
> We've received a request to have a closer look at two errata opened
> against RFC 8032: https://www.rfc-editor.org/errata/eid5758,
> https://www.rfc-editor.org/errata/eid5759.
>
>
>
> Previously these two errata were rejected since no mistakes in the current
> text of the draft had been found. At the same time, the two errata might
> provide more effective ways for square-roots-mod-p.
>
>
>
> We would like to ask a Crypto Panel expert (or two experts) to check the
> proposed formulas, i.e., to verify that they are correct and more effective
> (always or in a vast majority of cases).
>
>
>
> Any volunteers?
>
>
>
> Best regards,
>
> Stanislav (for chairs)
>
>

--000000000000327aa305d6a3cf6b--


From nobody Fri Jan 28 05:42:51 2022
Return-Path: <thomas.pornin@nccgroup.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15FE73A13E7 for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 05:42:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level: 
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nccgroup.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XLHQrSW3BHcf for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 05:42:43 -0800 (PST)
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2046.outbound.protection.outlook.com [40.107.243.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC49B3A13EA for <crypto-panel@irtf.org>; Fri, 28 Jan 2022 05:42:42 -0800 (PST)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
Received: from DM6PR06MB6187.namprd06.prod.outlook.com (2603:10b6:5:126::28) by BL0PR06MB4658.namprd06.prod.outlook.com (2603:10b6:208:5e::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.10; Fri, 28 Jan 2022 13:42:38 +0000
Received: from DM6PR06MB6187.namprd06.prod.outlook.com ([fe80::c878:f32b:41d3:e0f8]) by DM6PR06MB6187.namprd06.prod.outlook.com ([fe80::c878:f32b:41d3:e0f8%5]) with mapi id 15.20.4930.019; Fri, 28 Jan 2022 13:42:38 +0000
From: Thomas Pornin <thomas.pornin@nccgroup.com>
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
CC: Chloe Martindale <chloemartindale@gmail.com>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
Thread-Topic: [Crypto-panel] EXTERNAL: Re: Request for review of two erratas opened against RFC 8032 (EdDSA)
Thread-Index: AQHYFET4aTMdsiQfCUyCGY7lXSensax4HXaA
Date: Fri, 28 Jan 2022 13:42:37 +0000
Message-ID: <E7E773A7-8D42-4797-B1A8-2C3B78216EA8@nccgroup.com>
References: <CAMr0u6kjVZs-v1RxU9i4CjQzpXzkgfnOiH=bfyvHKuNzBt3gkA@mail.gmail.com> <CAL+7JtRcKOWAkE6YhA9hDjKvT0TQ+A6319uYhZgf=RJBD2oBoQ@mail.gmail.com> <F341E490-1A0A-4A41-81ED-3C9254B74713@nccgroup.com> <CAMr0u6kgNmNULroh7xTZa_40uMC7L7s_OYge6AJVjdgCU4i-bw@mail.gmail.com>
In-Reply-To: <CAMr0u6kgNmNULroh7xTZa_40uMC7L7s_OYge6AJVjdgCU4i-bw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nccgroup.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e6626bc2-b9e4-414e-d773-08d9e2640c55
x-ms-traffictypediagnostic: BL0PR06MB4658:EE_
x-microsoft-antispam-prvs: <BL0PR06MB4658F82C4325C9BCBDD6D4A282229@BL0PR06MB4658.namprd06.prod.outlook.com>
campaign: C_Default
signature: S_NoSignature
disclaimer: D_NoDisclaimer
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:DM6PR06MB6187.namprd06.prod.outlook.com; PTR:; CAT:NONE;  SFS:(4636009)(366004)(38100700002)(33656002)(122000001)(8676002)(186003)(38070700005)(71200400001)(36756003)(508600001)(26005)(2616005)(53546011)(6506007)(966005)(8936002)(6512007)(83380400001)(44832011)(66946007)(54906003)(5660300002)(316002)(86362001)(91956017)(76116006)(6486002)(4326008)(6916009)(2906002)(66446008)(66476007)(64756008)(66556008)(45980500001); DIR:OUT; SFP:1101; 
Content-Type: text/plain; charset="utf-8"
Content-ID: <D89D3DBB99A7DA43B0E5DDC7E0BC35E2@namprd06.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nccgroup.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR06MB6187.namprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e6626bc2-b9e4-414e-d773-08d9e2640c55
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jan 2022 13:42:37.9476 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a41111be-486b-45f6-8bd0-ee01a62f368e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vGPJEgs8k/Ri0X4jKPF8t2ZgQEKU3LS6Ul2Gp1ofZgnT6NBXu+aNOodDaTYf8jzGXY4JdofeEZ+gm3cUr02fje4Tk8xFWT3vA8u2HZ3YmTg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR06MB4658
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/iiG3qza8szUfNOIvsUY9umRjQqs>
Subject: Re: [Crypto-panel] EXTERNAL: Re: Request for review of two erratas opened against RFC 8032 (EdDSA)
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jan 2022 13:42:49 -0000
From nobody Fri Jan 28 05:48:51 2022
Return-Path: <thomas.pornin@nccgroup.com>
X-Original-To: crypto-panel@ietfa.amsl.com
Delivered-To: crypto-panel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09F423A1425 for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 05:48:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level: 
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nccgroup.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZSQQYUfrdJzZ for <crypto-panel@ietfa.amsl.com>; Fri, 28 Jan 2022 05:48:45 -0800 (PST)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2070.outbound.protection.outlook.com [40.107.223.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 259613A1427 for <crypto-panel@irtf.org>; Fri, 28 Jan 2022 05:48:44 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ik44SHN8I7ARFbG/tk65843tnuildwMeT1/AP4xiX1++QoOU9X0rC/ojzn1pe0HU6RJhbfhIJnTrU1dQGT5319cO21XlGX9cS2tZNWtA+BcxxRxR9TYhkf25Ob53eSq+Lz1ZjinHquWIe+/bUITN9jMytFFu+cZbXmecqOK51UYUXtG2Ry8VQlRb7efKZfhJ8cIsK/p7LeY6ztq7ox1rTjWgKBixkr6RnOSgKjNzfsPRIKtQGEE/ibCaWwtqtE8DN+zV1MYzWVK5OhPiNHdDkvWGbl35yyKCehXxbeI3+sxRsKiDaGx4xdTzHz2EK+cxeXKyeO97NdrsbSwEp/4D9g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0rm1dnppEIX15YFUzU7oPg8sXIjucgm7nIHGed5T5h0=; b=mENCYWlLSwkG7UBJke6tX0fMHu9KG3ik7tLpLApL/00efI+m88x/suIwbY1fEGa1QAoAhgQmpANy4FzJaDCRKFENIx7B4IeIzgLpOr3n3c8/ZDjZxPSdQ+JG856nPbePMRc+Hkt9DECLdrNuWkP7WL0C4hZ6rbDL5Id/NZGDcJPpMGolk2XjHZNOvI3v4xl5upqeKybV1dFMJkvBieSWVVB4yh2YHAK8PtR5e4NQEBoWFUR1SSKtMHRslJvKksCxCHQWf4Ln1aHOUYsMYDPR7ESoTAea4v4buyZ9sh/ai6PKJpwqwAFgsWwFhdtHf7/uSlyQ52ShFE3cNbXNcnYgqA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nccgroup.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0rm1dnppEIX15YFUzU7oPg8sXIjucgm7nIHGed5T5h0=; b=elf436e93bOkIarXHvrk1ZqAk1519GlfYQk3Hz7TLklsSPe86H8vRpF7Q9ceYwu9mKa50+XIUAvRoq49TarRQBy7x3a0p0k2ZCsB78AZ+54K8xZrXvH/oKXg0KnV0n+Ct31Daw3GTPRlod2wdPGbNdKLPxdgkXFjKI1I6rg7rL4g97ZwZoUldlomYV/ZrjBsOfye/W2xnVOAOWbiKDCp4PC0VMjltZx3msWnvqshrLwq11Vahnpp2VMVW0UXu9wYnDFK+796HMdr7gBfgpIkBxJxVyscxVwFmhD9aTIzgRi6RBVrQteCyNDXad4667o2tMFoemspxIJcuk9yH6Yv6Q==
Received: from DM6PR06MB6187.namprd06.prod.outlook.com (2603:10b6:5:126::28) by BYAPR06MB5415.namprd06.prod.outlook.com (2603:10b6:a03:dd::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4930.19; Fri, 28 Jan 2022 13:48:39 +0000
Received: from DM6PR06MB6187.namprd06.prod.outlook.com ([fe80::c878:f32b:41d3:e0f8]) by DM6PR06MB6187.namprd06.prod.outlook.com ([fe80::c878:f32b:41d3:e0f8%5]) with mapi id 15.20.4930.019; Fri, 28 Jan 2022 13:48:39 +0000
From: Thomas Pornin <thomas.pornin@nccgroup.com>
To: Thomas Pornin <thomas.pornin=40nccgroup.com@dmarc.ietf.org>, "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
CC: Chloe Martindale <chloemartindale@gmail.com>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
Thread-Topic: [Crypto-panel] EXTERNAL: Re: Request for review of two erratas opened against RFC 8032 (EdDSA)
Thread-Index: AQHYFET4aTMdsiQfCUyCGY7lXSensax4HXaAgAABrwA=
Date: Fri, 28 Jan 2022 13:48:39 +0000
Message-ID: <83FC3CEC-7742-4356-9471-34826B05ACC7@nccgroup.com>
References: <CAMr0u6kjVZs-v1RxU9i4CjQzpXzkgfnOiH=bfyvHKuNzBt3gkA@mail.gmail.com> <CAL+7JtRcKOWAkE6YhA9hDjKvT0TQ+A6319uYhZgf=RJBD2oBoQ@mail.gmail.com> <F341E490-1A0A-4A41-81ED-3C9254B74713@nccgroup.com> <CAMr0u6kgNmNULroh7xTZa_40uMC7L7s_OYge6AJVjdgCU4i-bw@mail.gmail.com> <E7E773A7-8D42-4797-B1A8-2C3B78216EA8@nccgroup.com>
In-Reply-To: <E7E773A7-8D42-4797-B1A8-2C3B78216EA8@nccgroup.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nccgroup.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f8f19cd4-1391-4309-4f1f-08d9e264e3d7
x-ms-traffictypediagnostic: BYAPR06MB5415:EE_
x-microsoft-antispam-prvs: <BYAPR06MB541524727B41E79B46A1178E82229@BYAPR06MB5415.namprd06.prod.outlook.com>
campaign: C_Default
signature: S_NoSignature
disclaimer: D_NoDisclaimer
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:DM6PR06MB6187.namprd06.prod.outlook.com; PTR:; CAT:NONE;  SFS:(13230001)(4636009)(366004)(8676002)(66446008)(66556008)(66476007)(64756008)(8936002)(44832011)(66946007)(91956017)(36756003)(76116006)(54906003)(110136005)(38100700002)(316002)(4326008)(71200400001)(122000001)(33656002)(5660300002)(53546011)(2906002)(6506007)(6512007)(508600001)(83380400001)(86362001)(45080400002)(38070700005)(966005)(6486002)(2616005)(186003)(26005)(45980500001)(20210929001); DIR:OUT; SFP:1101; 
Content-Type: text/plain; charset="utf-8"
Content-ID: <F9D375321077554AA1A4DDC1CB77A55A@namprd06.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nccgroup.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR06MB6187.namprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f8f19cd4-1391-4309-4f1f-08d9e264e3d7
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jan 2022 13:48:39.5375 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a41111be-486b-45f6-8bd0-ee01a62f368e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: KqCabkijqzUcbG0UuF1MqrQW9djhuMbsOsg2uRUgbXZ2VxioW+7rNcx+pYyuB/1FOftbFQgC80hQSvSv84tZ7x1tgaCqohEgiLqdjD0TKMo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR06MB5415
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/nOMfUzFxy86-e4Um-_n3I7UGV9k>
Subject: Re: [Crypto-panel] EXTERNAL: Re: Request for review of two erratas opened against RFC 8032 (EdDSA)
X-BeenThere: crypto-panel@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <crypto-panel.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/crypto-panel/>
List-Post: <mailto:crypto-panel@irtf.org>
List-Help: <mailto:crypto-panel-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/crypto-panel>, <mailto:crypto-panel-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jan 2022 13:48:50 -0000