[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Informational RFC to be: draft-nakajima-camellia-02.txt

To: "Steven M. Bellovin" <smb@research.att.com>
Subject: Re: Informational RFC to be: draft-nakajima-camellia-02.txt
From: Shiho MORIAI <shiho@sucaba.isl.ntt.co.jp>
Date: Tue, 04 Mar 2003 11:14:09 JST
Cc: iesg@ietf.org, june15@iss.isl.melco.co.jp, shiho@isl.ntt.co.jp, camellia@isl.ntt.co.jp, misty@isl.melco.co.jp, akato@po.ntts.co.jp
In-reply-to: Your message of "Mon, 16 Dec 2002 15:02:57 JST." <200212160602.PAA19701@sucaba.isl.ntt.co.jp>

Dear Steven, 

It is my pleasure to inform you that our encryption algorithm Camellia
has been selected by both the EU NESSIE and Japan CRYPTREC projects.
We hope that these endorsements will support publication of
Camellia-related documents as standards track RFCs, as you suggested
below.

Thank you very much for waiting for the outcome of the NESSIE and
CRYPTREC processes before proceeding. 

Best regards,
Shiho

* EU NESSIE project *
On February 27, the NESSIE project published a press release on the
announcement of the final selection of crypto algorithms.  Camellia
was selected as a 128-bit block cipher in the NESSIE portfolio of
recommended cryptographic.  For the category of block ciphers, they
selected MISTY1 and Camellia out of 16 submissions and also
recommended the AES. Further information is available at:
http://www.cryptonessie.org.

* Japan CRYPTREC project * 
Camellia was included in the list of cryptographic techniques for the
use of Japanese e-Government systems, which was published by Ministry
of Public Management, Home Affairs, Posts and Telecommunications
(MPHPT) and Ministry of Economy, Trade and Industry (METI) on February
20, 2003.  The cryptographic techniques on the said list were selected
based on the evaluation results by the Cryptography Research and
Evaluation Committees (CRYPTREC).

Unfortunately, the press release and the list are published in
Japanese only.
http://www.meti.go.jp/feedback/data/i30220cj.html
http://www.meti.go.jp/feedback/downloadfiles/i30220ej.pdf


>Dear Steven, 
>
>>There are several parts to the answer.  First, there is no IETF policy 
>>against patented technology; we simply require an IPR statmeent.  Even 
>>that is only required for standards-track documents.  In addition, RC2 
>>was used with S/MIME, a non-IETF protocol that was widely deployed 
>>before it was turned over to the IETF (see Appendix C of RFC 2311).
>
>>With regard to your main question:  before the AES process, there was a 
>>strong need for a cipher with a 128-bit key.  There were no good 
>>candidates.  As a result, it made more sense to publish various 
>>algorithms.  It was unclear if any would gain market share or be 
>>endorsed by the cryptographic community.  Thus, it made perfect sense 
>>to publish RC5 and CAST-128, and even CAST-256 -- it was approved for
>>publication by the IESG in March, 1999.
>>
>>MISTY1 was originally submitted as an Internet Draft in December, 1997, 
>>before the AES process even started.  Its approval (September, 2000) is 
>>rather late, given the criteria I have outlined.
>>
>>It was after Round I of the AES process concluded, in April 1999, that 
>>the Security Area -- then led by Jeff Schiller and Marcus Leech, 
>>and with agreement from me -- started to discourage any IETF 
>>standardization of other ciphers.  
>
>I've understood the IETF standardization policy change about other
>ciphers after Round I of the AES process. 
>
>
>>>2. Camellia is under final consideration within several bodies
>>>qualified to evaluate cryptographic algorithms: the NESSIE project
>>>(http://www.cryptonessie.org) and the CRYPTREC project
>>>(http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html). The NESSIE
>>>project will publish a selected list of cryptographic algorithms in
>>>February 2003.
>>
>>My understanding is that CRYPTREC is a project of the Japanese 
>>government, and of MITI in particular.  Is that correct?  I know more 
>>about NESSIE.
>
>Yes, CRYPTREC is a project of the Japanese government, and of METI
>(Ministry of Economy, Trade and Industry) and Ministry of Public
>Management, Home Affairs, Posts and Telecommunications in FY2001.
>They have evaluated the cryptographic techniques which are submitted
>to this project and/or widely-used and will publish a list of
>cryptographic techniques for Japanese e-Government systems in April
>2003.
>
>>>If the NESSIE project and/or the CRYPTRECE project select Camellia for
>>>inclusion in their standards, can you accept the draft to be published
>>>as an Informational RFC without the following notice?
>>
>>Absolutely.  If one of those groups endorsed it, we would also be 
>>willing to publish applications of Camellia as standards track RFCs, 
>>though again, that decision is up to the working groups.  Do you want 
>>to wait for the outcome of the NESSIE and CRYPTREC processes before 
>>proceeding?
>
>Yes, we can wait for the NESSIE and CRYPTREC processes to determine
>their final lists. I'll let you know ASAP we receive the notice.

>FYI, on November 28, the CRYPTREC project published the draft of the
>final list to call for public comments, on which Camellia is selected. 
>http://www.ipa.go.jp/security/enc/CRYPTREC/fy14/cryptrec20021128_status.html
>(Unfortunately, Japanese only...)
>
>Best regards,
>Shiho
>
>Shiho Moriai
>Information Security Project
>NTT Laboratories  
>TEL: +81-468-59-2007  FAX: +81-468-59-3858   


Shiho Moriai
Information Security Project
NTT Laboratories  
TEL: +81-468-59-2007  FAX: +81-468-59-3858

Follow-Ups:
- Re: Informational RFC to be: draft-nakajima-camellia-02.txt
  - From: "Steven M. Bellovin" <smb@research.att.com>

Prev by Date: RE: Has there been any discussion of a WG chair social in SF?
Next by Date: Re: Informational RFC to be: draft-nakajima-camellia-02.txt
Previous by thread: 56th IETF Meeting
Next by thread: Re: Informational RFC to be: draft-nakajima-camellia-02.txt
Index(es):
- Date
- Thread