draft-irtf-cfrg-cryptography-specification-00.txt | draft-irtf-cfrg-cryptography-specification-01.txt | |||
---|---|---|---|---|
Network Working Group N. Sullivan | Network Working Group N. Sullivan | |||
Internet-Draft C. A. Wood | Internet-Draft Cryptography Consulting LLC | |||
Intended status: Informational Cloudflare, Inc. | Intended status: Informational C. A. Wood | |||
Expires: 11 January 2024 10 July 2023 | Expires: 12 October 2024 Cloudflare, Inc. | |||
10 April 2024 | ||||
Guidelines for Writing Cryptography Specifications | Guidelines for Writing Cryptography Specifications | |||
draft-irtf-cfrg-cryptography-specification-00 | draft-irtf-cfrg-cryptography-specification-01 | |||
Abstract | Abstract | |||
This document provides guidelines and best practices for writing | This document provides guidelines and best practices for writing | |||
technical specifications for cryptography protocols and primitives, | technical specifications for cryptography protocols and primitives, | |||
targeting the needs of implementers, researchers, and protocol | targeting the needs of implementers, researchers, and protocol | |||
designers. It highlights the importance of technical specifications | designers. It highlights the importance of technical specifications | |||
and discusses strategies for creating high-quality specifications | and discusses strategies for creating high-quality specifications | |||
that cater to the needs of each community, including guidance on | that cater to the needs of each community, including guidance on | |||
representing mathematical operations, security definitions, and | representing mathematical operations, security definitions, and | |||
threat models. | threat models. | |||
Discussion Venues | Discussion Venues | |||
This note is to be removed before publishing as an RFC. | This note is to be removed before publishing as an RFC. | |||
Discussion of this document takes place on the Crypto Forum Research | ||||
Group mailing list (cfrg@ietf.org), which is archived at | ||||
https://mailarchive.ietf.org/arch/search/?email_list=cfrg. | ||||
Source for this draft and an issue tracker can be found at | Source for this draft and an issue tracker can be found at | |||
https://github.com/grittygrease/draft-sullivan-cryptography- | https://github.com/cfrg/draft-irtf-cfrg-cryptography-specification. | |||
specification. | ||||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on 11 January 2024. | This Internet-Draft will expire on 12 October 2024. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2023 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
and restrictions with respect to this document. | and restrictions with respect to this document. | |||
Table of Contents | Table of Contents | |||
skipping to change at page 2, line 30 ¶ | skipping to change at page 2, line 30 ¶ | |||
3. Guidelines for Cryptographic Specification Presentation . . . 5 | 3. Guidelines for Cryptographic Specification Presentation . . . 5 | |||
3.1. Simplicity . . . . . . . . . . . . . . . . . . . . . . . 5 | 3.1. Simplicity . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
3.2. Precision . . . . . . . . . . . . . . . . . . . . . . . . 6 | 3.2. Precision . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
3.3. Consistency . . . . . . . . . . . . . . . . . . . . . . . 7 | 3.3. Consistency . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
3.3.1. Representing Mathematical Operations . . . . . . . . 9 | 3.3.1. Representing Mathematical Operations . . . . . . . . 9 | |||
4. Guidelines for Cryptography Specification Content . . . . . . 10 | 4. Guidelines for Cryptography Specification Content . . . . . . 10 | |||
4.1. Reusability . . . . . . . . . . . . . . . . . . . . . . . 10 | 4.1. Reusability . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
4.1.1. Build on Existing Specifications . . . . . . . . . . 11 | 4.1.1. Build on Existing Specifications . . . . . . . . . . 11 | |||
4.1.2. Modular Design . . . . . . . . . . . . . . . . . . . 11 | 4.1.2. Modular Design . . . . . . . . . . . . . . . . . . . 11 | |||
4.1.3. Clear Interfaces and Abstractions . . . . . . . . . . 11 | 4.1.3. Clear Interfaces and Abstractions . . . . . . . . . . 11 | |||
4.1.4. Documentation and Examples . . . . . . . . . . . . . 12 | 4.1.4. Completeness . . . . . . . . . . . . . . . . . . . . 12 | |||
4.1.5. Documentation and Examples . . . . . . . . . . . . . 12 | ||||
4.2. Defining Security Definitions and Threat Models . . . . . 12 | 4.2. Defining Security Definitions and Threat Models . . . . . 12 | |||
4.2.1. Defining Security Goals . . . . . . . . . . . . . . . 12 | 4.2.1. Defining Security Goals . . . . . . . . . . . . . . . 13 | |||
4.2.2. Formalizing Security Definitions . . . . . . . . . . 13 | 4.2.2. Formalizing Security Definitions . . . . . . . . . . 13 | |||
4.2.3. Describing the Threat Model . . . . . . . . . . . . . 13 | 4.2.3. Describing the Threat Model . . . . . . . . . . . . . 13 | |||
4.2.4. Addressing Known Vulnerabilities and Attacks . . . . 13 | 4.2.4. Addressing Known Vulnerabilities and Attacks . . . . 13 | |||
4.2.5. Providing Guidance on Secure Implementation and | 4.2.5. Providing Guidance on Secure Implementation and | |||
Deployment . . . . . . . . . . . . . . . . . . . . . 13 | Deployment . . . . . . . . . . . . . . . . . . . . . 14 | |||
5. Catering to Target Audiences . . . . . . . . . . . . . . . . 14 | 5. Catering to Target Audiences . . . . . . . . . . . . . . . . 14 | |||
5.1. Catering to Implementers . . . . . . . . . . . . . . . . 14 | 5.1. Catering to Implementers . . . . . . . . . . . . . . . . 14 | |||
5.1.1. Test vectors . . . . . . . . . . . . . . . . . . . . 14 | 5.1.1. Test vectors . . . . . . . . . . . . . . . . . . . . 15 | |||
5.2. Catering to Researchers . . . . . . . . . . . . . . . . . 15 | 5.2. Catering to Researchers . . . . . . . . . . . . . . . . . 16 | |||
5.3. Catering to Protocol Designers . . . . . . . . . . . . . 16 | 5.3. Catering to Protocol Designers . . . . . . . . . . . . . 16 | |||
6. General Recommendations . . . . . . . . . . . . . . . . . . . 17 | 6. General Recommendations . . . . . . . . . . . . . . . . . . . 17 | |||
6.1. Encourage Open Communication and Feedback . . . . . . . . 17 | 6.1. Encourage Open Communication and Feedback . . . . . . . . 18 | |||
6.2. Seek External Expertise . . . . . . . . . . . . . . . . . 17 | 6.2. Seek External Expertise . . . . . . . . . . . . . . . . . 18 | |||
6.3. Recognize and Address Conflicting Interests . . . . . . . 18 | 6.3. Recognize and Address Conflicting Interests . . . . . . . 18 | |||
7. Examples of Well-Written Specifications . . . . . . . . . . . 18 | 7. Examples of Well-Written Specifications . . . . . . . . . . . 18 | |||
7.1. ChaCha20 and Poly1305 for IETF Protocols (RFC 8439) . . . 18 | 7.1. ChaCha20 and Poly1305 for IETF Protocols (RFC 8439) . . . 18 | |||
7.1.1. Introduction and Overview . . . . . . . . . . . . . . 18 | 7.1.1. Introduction and Overview . . . . . . . . . . . . . . 19 | |||
7.1.2. Algorithm Descriptions . . . . . . . . . . . . . . . 18 | 7.1.2. Algorithm Descriptions . . . . . . . . . . . . . . . 19 | |||
7.1.3. Test Vectors . . . . . . . . . . . . . . . . . . . . 19 | 7.1.3. Test Vectors . . . . . . . . . . . . . . . . . . . . 19 | |||
7.1.4. Security Considerations . . . . . . . . . . . . . . . 19 | 7.1.4. Security Considerations . . . . . . . . . . . . . . . 19 | |||
7.1.5. IANA Considerations and References . . . . . . . . . 19 | 7.1.5. IANA Considerations and References . . . . . . . . . 19 | |||
7.1.6. Problematic Aspects . . . . . . . . . . . . . . . . . 19 | 7.1.6. Problematic Aspects . . . . . . . . . . . . . . . . . 20 | |||
8. Examples of Specifications That Could Be Improved . . . . . . 19 | 8. Examples of Specifications That Could Be Improved . . . . . . 20 | |||
8.1. Test Vectors . . . . . . . . . . . . . . . . . . . . . . 20 | 8.1. Test Vectors . . . . . . . . . . . . . . . . . . . . . . 20 | |||
8.2. Unnecessary Branching . . . . . . . . . . . . . . . . . . 20 | 8.2. Unnecessary Branching . . . . . . . . . . . . . . . . . . 20 | |||
8.3. Compatibility and Modularity . . . . . . . . . . . . . . 20 | 8.3. Compatibility and Modularity . . . . . . . . . . . . . . 21 | |||
9. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 20 | 9. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
10. Security Considerations . . . . . . . . . . . . . . . . . . . 21 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 21 | |||
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21 | 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 | |||
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 22 | |||
12.1. Normative References . . . . . . . . . . . . . . . . . . 21 | 12.1. Normative References . . . . . . . . . . . . . . . . . . 22 | |||
12.2. Informative References . . . . . . . . . . . . . . . . . 21 | 12.2. Informative References . . . . . . . . . . . . . . . . . 22 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 | |||
1. Introduction | 1. Introduction | |||
High-quality cryptography specifications are critical for the for | High-quality cryptography specifications are critical for the for | |||
development and deployment of secure cryptographic protocols. This | development and deployment of secure cryptographic protocols. This | |||
document provides guidelines for specification writers to follow to | document provides guidelines for specification writers to follow to | |||
help ensure that their specifications are of high quality and are | help ensure that their specifications are of high quality and are | |||
useful for their intended audience. This document provides | useful for their intended audience. This document provides | |||
guidelines for writing clear, precise, and consistent specifications | guidelines for writing clear, precise, and consistent specifications | |||
skipping to change at page 12, line 5 ¶ | skipping to change at page 12, line 5 ¶ | |||
implementation. This approach allows for the replacement or | implementation. This approach allows for the replacement or | |||
modification of components with minimal impact on the overall system | modification of components with minimal impact on the overall system | |||
and encourages the development of interchangeable components that can | and encourages the development of interchangeable components that can | |||
be reused across different applications and within protocols. | be reused across different applications and within protocols. | |||
Cryptographic objects typically have a set of functions associated | Cryptographic objects typically have a set of functions associated | |||
with them that make up the interface. Structuring the functions to | with them that make up the interface. Structuring the functions to | |||
fit well-understood and existing abstractions help make the job of | fit well-understood and existing abstractions help make the job of | |||
using the object in higher-level algorithms easier and less prone to | using the object in higher-level algorithms easier and less prone to | |||
code duplication. | code duplication. | |||
4.1.4. Documentation and Examples | 4.1.4. Completeness | |||
The operations defined in a cryptography specification should be | ||||
complete, with defined behavior on all inputs. This includes error | ||||
handing, and edge cases which would otherwise not impact the | ||||
algorithm's cryptographic properties. In particular, when | ||||
deserializing a byte string, the behavior on all byte strings should | ||||
be defined, including cases which would not be valid outputs of the | ||||
corresponding serialization function. A complete specification help | ||||
avoids implementation variations. These variations can lead to | ||||
interoperability failures, gaps between formal analysis and real- | ||||
world practice, or security vulnerabilities. | ||||
Avoid defining multiple implementation behaviors as valid. Leaving | ||||
multiple options to implementators leads to compounding complexity: | ||||
downstream specifications may need to profile the algorithm to pick | ||||
the preferred option, and validation tools must be configurable to | ||||
assert either case. | ||||
4.1.5. Documentation and Examples | ||||
Thorough documentation and illustrative examples play a crucial role | Thorough documentation and illustrative examples play a crucial role | |||
in promoting reusability. By providing comprehensive explanations of | in promoting reusability. By providing comprehensive explanations of | |||
the specification's components, interfaces, and intended use cases, | the specification's components, interfaces, and intended use cases, | |||
specification authors make it easier for developers to understand and | specification authors make it easier for developers to understand and | |||
implement the specification correctly. Including examples of how | implement the specification correctly. Including examples of how | |||
components can be combined or applied in various scenarios further | components can be combined or applied in various scenarios further | |||
clarifies their usage and encourages their reuse in different | clarifies their usage and encourages their reuse in different | |||
contexts. | contexts. | |||
skipping to change at page 22, line 30 ¶ | skipping to change at page 22, line 49 ¶ | |||
Protocols", RFC 8439, DOI 10.17487/RFC8439, June 2018, | Protocols", RFC 8439, DOI 10.17487/RFC8439, June 2018, | |||
<https://www.rfc-editor.org/rfc/rfc8439>. | <https://www.rfc-editor.org/rfc/rfc8439>. | |||
[RFC8874] Thomson, M. and B. Stark, "Working Group GitHub Usage | [RFC8874] Thomson, M. and B. Stark, "Working Group GitHub Usage | |||
Guidance", RFC 8874, DOI 10.17487/RFC8874, August 2020, | Guidance", RFC 8874, DOI 10.17487/RFC8874, August 2020, | |||
<https://www.rfc-editor.org/rfc/rfc8874>. | <https://www.rfc-editor.org/rfc/rfc8874>. | |||
Authors' Addresses | Authors' Addresses | |||
Nick Sullivan | Nick Sullivan | |||
Cloudflare, Inc. | Cryptography Consulting LLC | |||
101 Townsend St | ||||
San Francisco, | San Francisco, | |||
United States of America | United States of America | |||
Email: nick@cloudflare.com | Email: nicholas.sullivan+ietf@gmail.com | |||
Christopher A. Wood | Christopher A. Wood | |||
Cloudflare, Inc. | Cloudflare, Inc. | |||
101 Townsend St | 101 Townsend St | |||
San Francisco, | San Francisco, | |||
United States of America | United States of America | |||
Email: caw@heapingbits.net | Email: caw@heapingbits.net | |||
End of changes. 18 change blocks. | ||||
30 lines changed or deleted | 52 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |