Re: [auth48] AUTH48: RFC-to-be 9367 <draft-smyshlyaev-tls13-gost-suites-08> for your review

[Sandy Ginoza <sginoza@amsl.com>]

Greetings all,

Thank you for your quick reviews and replies.  We have noted each of your approvals on the AUTH48 page <http://www.rfc-editor.org/auth48/rfc9367>.  We have received all of the needed approvals, so we will continue with publication shortly.

Thank you,
RFC Editor/sg

> On Feb 15, 2023, at 2:12 AM, Екатерина Сергеевна <griboedovaekaterina@gmail.com> wrote:
> 
> Dear Sandy,
> 
> I approve the document. 
> 
> Best regards,
> Griboedova Ekaterina,
> 
> Ср, 15 февр. 2023 г. в 12:50, Бабуева Александра Алексеевна <babueva@cryptopro.ru>:
> Dear Sandy,
> 
> I approve the document. 
> 
> Best regards,
> Alexandra Babueva,
> CryptoPro LLC
> 
> 
> -----Original Message-----
> From: Никифорова Лидия Олеговна <nikiforova@cryptopro.ru> 
> Sent: Wednesday, February 15, 2023 12:40 PM
> To: Sandy Ginoza <sginoza@amsl.com>
> Cc: RFC Editor <rfc-editor@rfc-editor.org>; Алексеев Евгений Константинович <alekseev@cryptopro.ru>; griboedova.e.s@gmail.com; Бабуева Александра Алексеевна <babueva@cryptopro.ru>; Rfc Ise <rfc-ise@rfc-editor.org>; auth48archive@rfc-editor.org; Смышляев Станислав Витальевич <svs@cryptopro.ru>; griboedovaekaterina@gmail.com
> Subject: RE: AUTH48: RFC-to-be 9367 <draft-smyshlyaev-tls13-gost-suites-08> for your review
> 
> Dear Sandy,
> 
> I approve the document. Thank you!
> 
> Best regards,
> Lidiia Nikiforova,
> CryptoPro LLC
> 
> -----Original Message-----
> From: Sandy Ginoza <sginoza@amsl.com>
> Sent: Tuesday, February 14, 2023 8:42 PM
> To: Смышляев Станислав Витальевич <svs=40cryptopro.ru@dmarc.ietf.org>
> Cc: RFC Editor <rfc-editor@rfc-editor.org>; Алексеев Евгений Константинович <alekseev@cryptopro.ru>; griboedova.e.s@gmail.com; Бабуева Александра Алексеевна <babueva@cryptopro.ru>; Никифорова Лидия Олеговна <nikiforova@cryptopro.ru>; Rfc Ise <rfc-ise@rfc-editor.org>; auth48archive@rfc-editor.org
> Subject: Re: AUTH48: RFC-to-be 9367 <draft-smyshlyaev-tls13-gost-suites-08> for your review
> 
> Hi again,
> 
> One additional note: please ignore the updated URLs in the references for the RFC entries.  This is an error with the citation library and will be reverted before publication.  We have filed a bug ticket; see https://github.com/ietf-tools/bibxml-service/issues/339.
> 
> Thank you,
> RFC Editor/sg
> 
> 
> > On Feb 14, 2023, at 9:37 AM, Sandy Ginoza <sginoza@amsl.com> wrote:
> > 
> > Hi Stanislav,
> > 
> > Thank you for your updated XML file and your replies to our questions.  The files are available here: 
> > 
> >   https://www.rfc-editor.org/authors/rfc9367.xml
> >   https://www.rfc-editor.org/authors/rfc9367.txt
> >   https://www.rfc-editor.org/authors/rfc9367.pdf
> >   https://www.rfc-editor.org/authors/rfc9367.html
> > 
> > AUTH48 diff: 
> >   https://www.rfc-editor.org/authors/rfc9367-auth48diff.html
> > 
> > Comprehensive diffs: 
> >   https://www.rfc-editor.org/authors/rfc9367-diff.html
> >   https://www.rfc-editor.org/authors/rfc9367-rfcdiff.html (side by
> > side)
> > 
> > 
> > Authors, please let us know if you approve the RFC for publication. We will wait to hear from you before continuing with the process.
> > 
> > Thank you,
> > RFC Editor/sg
> > 
> > 
> > 
> > 
> >> On Feb 8, 2023, at 4:07 AM, Смышляев Станислав Витальевич <svs=40cryptopro.ru@dmarc.ietf.org> wrote:
> >> 
> >> Dear RFC Editor Team,
> >> 
> >> Thank you so much for your careful reading of the draft and your valuable comments!
> >> We have addressed them. 
> >> Please find attached the updated XML file.
> >> 
> >> Best regards,
> >> Stanislav Smyshlyaev, Ph.D.
> >> Deputy CEO, CryptoPro LLC
> >> 
> >> 
> >> -----Original Message-----
> >> From: rfc-editor@rfc-editor.org <rfc-editor@rfc-editor.org>
> >> Sent: Tuesday, February 7, 2023 8:27 AM
> >> To: Смышляев Станислав Витальевич <svs@cryptopro.ru>; Алексеев 
> >> Евгений Константинович <alekseev@cryptopro.ru>; 
> >> griboedova.e.s@gmail.com; Бабуева Александра Алексеевна 
> >> <babueva@cryptopro.ru>; Никифорова Лидия Олеговна 
> >> <nikiforova@cryptopro.ru>
> >> Cc: rfc-editor@rfc-editor.org; rfc-ise@rfc-editor.org; 
> >> auth48archive@rfc-editor.org
> >> Subject: Re: AUTH48: RFC-to-be 9367
> >> <draft-smyshlyaev-tls13-gost-suites-08> for your review
> >> 
> >> Authors,
> >> 
> >> While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file.
> >> 
> >> 1) <!-- [rfced] Generally, authors use a single first initial with a surname in the header.  Is the use of two initials intentional?  If an update is necessary, please let us know the desired form.
> >> 
> >> Original (from the document header):
> >> S.V. Smyshlyaev, Ed.
> >> E.K. Alekseev
> >> E.S. Griboedova
> >> A.A. Babueva
> >> L.O. Nikiforova
> >> -->
> >> 
> >> 
> >> 2) <!-- [rfced] Please review whether any of the notes in this 
> >> document should be in the <aside> element. It is defined as "a 
> >> container for content that is semantically less important or 
> >> tangential to the content that surrounds it"
> >> (https://authors.ietf.org/en/rfcxml-vocabulary#aside). -->
> >> 
> >> 
> >> 3) <!-- [rfced] This sentence seems to be missing a verb. Would the following suggestion make the text more clear for readers?
> >> 
> >> Original: 
> >> Each cipher suite specifies a pair of a record protection algorithm (see Section 4.1) and a hash algorithm (Section 4.2).
> >> 
> >> Perhaps: 
> >> Each cipher suite specifies a pair consisting of a record protection 
> >> algorithm (see Section 4.1) and a hash algorithm (Section 4.2). -->
> >> 
> >> 
> >> 4) <!-- [rfced] We suggest rewording this sentence for easy comprehension. 
> >> Does the following suggestion retain your intended meaning?
> >> 
> >> Original: 
> >> In order to decrypt and verify a protected record with sequence number seqnum the algorithm takes as an input: sender_record_write_key, which is derived from sender_write_key, nonce, additional_data and the AEADEncrypted value.
> >> 
> >> Perhaps: 
> >> In order to decrypt and verify a protected record with sequence 
> >> number seqnum, the algorithm takes sender_record_write_key as an 
> >> input, which is derived from sender_write_key, nonce, 
> >> additional_data, and the AEADEncrypted value. -->
> >> 
> >> 
> >> 5) <!-- [rfced] Please review the "type" attribute of each sourcecode element in the XML file to ensure correctness. If the current list of preferred values for "type" 
> >> (https://www.rfc-editor.org/materials/sourcecode-types.txt) does not contain an applicable type, then feel free to let us know. Also, it is acceptable to leave the "type" attribute not set.
> >> 
> >> In addition, we have updated the <artwork> elements in this document 
> >> to sourcecode. Please let us know any objections. -->
> >> 
> >> 
> >> 6) <!-- [rfced] Some tables in this document do not have titles.
> >> Please review, and provide titles for untitled tables if desired. -->
> >> 
> >> 
> >> 7) <!-- [rfced] This sentence seems to be missing a verb. Would the 
> >> following suggestion make the text easier to understand for readers?
> >> 
> >> Original:
> >> Each signature scheme specifies a pair of the signature algorithm 
> >> (see Section 5.1) and the elliptic curve (see Section 5.2).
> >> 
> >> Perhaps:
> >> Each signature scheme specifies a pair consisting of the signature 
> >> algorithm (see Section 5.1) and the elliptic curve (see Section 5.2).
> >> -->
> >> 
> >> 
> >> 8) <!-- [rfced] Table 3: Is the space before the comma in the Signature Algorithm column intentional?  For example, should the following:
> >> 
> >> |gostr34102012_256a|GOST R 34.10-2012 , 32-byte key length|RFC 7091|
> >> 
> >> be updated as follows: 
> >> |gostr34102012_256a|GOST R 34.10-2012, 32-byte key length|RFC 7091|
> >> -->
> >> 
> >> 
> >> 9) <!-- [rfced] There seems to be a missing article in this sentence. 
> >> Would a rephrase be appropriate here?
> >> 
> >> Original: 
> >> Key exchange and authentication process in case of using the 
> >> TLS13_GOST profile is defined in Section 6.1, Section 6.2 and Section 6.3.
> >> 
> >> Perhaps: 
> >> The key exchange and authentication process for using the TLS13_GOST 
> >> profile is defined in Sections 6.1, 6.2, and 6.3. -->
> >> 
> >> 
> >> 10) <!-- [rfced] We have updated the usage of "which" to "that" for 
> >> the following items in this list since they appear to be restrictive clauses.
> >> Please let us know any objections.
> >> 
> >> Original: 
> >> * If server authentication via a certificate is required, the 
> >> extension_data field of the "signature_algorithms" extension MUST 
> >> contain the values defined in Section 5, which correspond to the GOST 
> >> R 34.10-2012 signature algorithm.
> >> 
> >> * If server authentication via a certificate is required and the 
> >> client uses optional "signature_algorithms_cert" extension, the 
> >> extension_data field of this extension SHOULD contain the values 
> >> defined in Section 5, which correspond to the GOST R 34.10-2012 signature algorithm.
> >> 
> >> Current: 
> >> * If server authentication via a certificate is required, the 
> >> extension_data field of the "signature_algorithms" extension MUST 
> >> contain the values defined in Section 5 that correspond to the GOST R
> >> 34.10-2012 signature algorithm.
> >> 
> >> * If server authentication via a certificate is required and the 
> >> client uses optional "signature_algorithms_cert" extension, the 
> >> extension_data field of this extension SHOULD contain the values 
> >> defined in Section 5 that correspond to the GOST R 34.10-2012 
> >> signature algorithm. -->
> >> 
> >> 
> >> 11) <!-- [rfced] Some author comments are present in the XML. Please 
> >> confirm that no updates related to these comments are outstanding.
> >> Note that the comments will be deleted prior to publication. -->
> >> 
> >> 
> >> 12) <!-- [rfced] Table 6: Note that we have closed the breaks in the 
> >> Description to avoid having multiple underscores following 256.
> >> However, this makes the table extend beyond the margins.  May we remove the Reference column and add text that each row references this RFC?  For example:
> >> 
> >>  IANA has added the following values to the "TLS Cipher Suites"
> >>  registry with a reference to this RFC: 
> >> 
> >>  +=====+=========================================+=======+===========+
> >>  |Value|Description                              |DTLS-OK|Recommended|
> >>  +=====+=========================================+=======+===========+
> >>  |0xC1,|TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L|N      |N          |
> >>  |0x03 |                                         |       |           |
> >>  ... 
> >> 
> >> 
> >> In addiiton, IANA lists the values with no space, for example, 
> >> 0x00,0x00, while this document includes a space after the comma.  We 
> >> do not believe any updates are required, but please review.
> >> -->
> >> 
> >> 
> >> 13) <!-- [rfced] We suggest rephrasing this sentence for easy comprehension. 
> >> Does the following suggestion retain your intended meaning?  In 
> >> addition, please confirm that the reference to table 5 is correct.
> >> 
> >> Original: 
> >> Due to historical reasons in addition to the curve identifier values 
> >> listed in Table 5 there exist some additional identifier values that 
> >> correspond to the signature schemes as follows.
> >> 
> >> Perhaps: 
> >> In addition to the curve identifier values listed in Table 5, there 
> >> are some additional identifier values that correspond to the 
> >> signature schemes for historical reasons.  They are as follows: -->
> >> 
> >> 
> >> 14) <!-- [rfced] Appendixes A.1.1 and A.2.1 start with the following sentence.  
> >> We are having trouble parsing this text.  Please clarify. 
> >> 
> >> Original:
> >>  Test examples are given for the following order of using the 
> >> TLS13_GOST
> >>  profile:
> >> 
> >> Perhaps A:
> >>  Test examples are given in the following order to use the TLS13_GOST
> >>  profile:
> >> 
> >> Perhaps B:
> >>  The following test examples are provided for using the TLS13_GOST profile:
> >> 
> >> -->
> >> 
> >> 
> >> 15) <!-- [rfced] For clarity, may we update this text as follows? 
> >> 
> >> Original:
> >>  3.  The server side only authentication is used.
> >> 
> >> Perhaps:
> >>  3.  Authentication is only used on the server side.
> >> -->
> >> 
> >> 
> >> 16) <!-- [rfced] May we update instances of "legasy_session_id" to 
> >> use "legacy" or is the use of "legasy" intentional?
> >> -->
> >> 
> >> 
> >> 17) <!-- [rfced] For clarity, may we update the text as follows? 
> >> 
> >> Original:
> >>  3.  The server and client sides authentication is used.
> >> 
> >> Perhaps:
> >>  3.  Authentication is used on the server and client sides.
> >> -->
> >> 
> >> 
> >> 18) <!-- [rfced] Throughout the text, the following terminology 
> >> appears to be used inconsistently. Please review these occurrences 
> >> and let us know if/how they may be made consistent. We will update 
> >> the document to use the forms on the left if there are no objections.
> >> 
> >> signature scheme vs. SignatureScheme
> >> hash algorithm vs. Hash algorithm -->
> >> 
> >> 
> >> 19) <!-- [rfced] Please review the "Inclusive Language" portion of 
> >> the online Style Guide 
> >> <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
> >> and let us know if any changes are needed. Note that our script did 
> >> not flag any words in particular, but this should still be reviewed 
> >> as a best practice. -->
> >> 
> >> 
> >> Thank you.
> >> 
> >> RFC Editor
> >> 
> >> 
> >> 
> >> On Feb 6, 2023, at 8:48 PM, rfc-editor@rfc-editor.org wrote:
> >> 
> >> *****IMPORTANT*****
> >> 
> >> Updated 2023/02/06
> >> 
> >> RFC Author(s):
> >> --------------
> >> 
> >> Instructions for Completing AUTH48
> >> 
> >> Your document has now entered AUTH48.  Once it has been reviewed and 
> >> approved by you and all coauthors, it will be published as an RFC.
> >> If an author is no longer available, there are several remedies 
> >> available as listed in the FAQ (https://www.rfc-editor.org/faq/).
> >> 
> >> You and you coauthors are responsible for engaging other parties 
> >> (e.g., Contributors or Working Group) as necessary before providing 
> >> your approval.
> >> 
> >> Planning your review
> >> ---------------------
> >> 
> >> Please review the following aspects of your document:
> >> 
> >> *  RFC Editor questions
> >> 
> >>  Please review and resolve any questions raised by the RFC Editor 
> >> that have been included in the XML file as comments marked as
> >>  follows:
> >> 
> >>  <!-- [rfced] ... -->
> >> 
> >>  These questions will also be sent in a subsequent email.
> >> 
> >> *  Changes submitted by coauthors
> >> 
> >>  Please ensure that you review any changes submitted by your 
> >> coauthors.  We assume that if you do not speak up that you  agree to 
> >> changes submitted by your coauthors.
> >> 
> >> *  Content
> >> 
> >>  Please review the full content of the document, as this cannot 
> >> change once the RFC is published.  Please pay particular attention to:
> >>  - IANA considerations updates (if applicable)
> >>  - contact information
> >>  - references
> >> 
> >> *  Copyright notices and legends
> >> 
> >>  Please review the copyright notice and legends as defined in  RFC
> >> 5378 and the Trust Legal Provisions  (TLP – 
> >> https://trustee.ietf.org/license-info/).
> >> 
> >> *  Semantic markup
> >> 
> >>  Please review the markup in the XML file to ensure that elements of 
> >> content are correctly tagged.  For example, ensure that <sourcecode> 
> >> and <artwork> are set correctly.  See details at 
> >> <https://authors.ietf.org/rfcxml-vocabulary>.
> >> 
> >> *  Formatted output
> >> 
> >>  Please review the PDF, HTML, and TXT files to ensure that the 
> >> formatted output, as generated from the markup in the XML file, is 
> >> reasonable.  Please note that the TXT will have formatting 
> >> limitations compared to the PDF and HTML.
> >> 
> >> 
> >> Submitting changes
> >> ------------------
> >> 
> >> To submit changes, please reply to this email using ‘REPLY ALL’ as 
> >> all the parties CCed on this message need to see your changes. The 
> >> parties
> >> include:
> >> 
> >>  *  your coauthors
> >> 
> >>  *  rfc-editor@rfc-editor.org (the RPC team)
> >> 
> >>  *  other document participants, depending on the stream (e.g., 
> >>     IETF Stream participants are your working group chairs, the 
> >>     responsible ADs, and the document shepherd).
> >> 
> >>  *  auth48archive@rfc-editor.org, which is a new archival mailing list 
> >>     to preserve AUTH48 conversations; it is not an active discussion 
> >>     list:
> >> 
> >>    *  More info:
> >>       
> >> https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USx
> >> IAe6P8O4Zc
> >> 
> >>    *  The archive itself:
> >>       https://mailarchive.ietf.org/arch/browse/auth48archive/
> >> 
> >>    *  Note: If only absolutely necessary, you may temporarily opt out 
> >>       of the archiving of messages (e.g., to discuss a sensitive matter).
> >>       If needed, please add a note at the top of the message that you 
> >>       have dropped the address. When the discussion is concluded, 
> >>       auth48archive@rfc-editor.org will be re-added to the CC list and 
> >>       its addition will be noted at the top of the message. 
> >> 
> >> You may submit your changes in one of two ways:
> >> 
> >> An update to the provided XML file
> >> — OR —
> >> An explicit list of changes in this format
> >> 
> >> Section # (or indicate Global)
> >> 
> >> OLD:
> >> old text
> >> 
> >> NEW:
> >> new text
> >> 
> >> You do not need to reply with both an updated XML file and an 
> >> explicit list of changes, as either form is sufficient.
> >> 
> >> We will ask a stream manager to review and approve any changes that 
> >> seem beyond editorial in nature, e.g., addition of new text, deletion 
> >> of text, and technical changes.  Information about stream managers 
> >> can be found in the FAQ.  Editorial changes do not require approval from a stream manager.
> >> 
> >> 
> >> Approving for publication
> >> --------------------------
> >> 
> >> To approve your RFC for publication, please reply to this email 
> >> stating that you approve this RFC for publication.  Please use ‘REPLY 
> >> ALL’, as all the parties CCed on this message need to see your approval.
> >> 
> >> 
> >> Files
> >> -----
> >> 
> >> The files are available here:
> >>  https://www.rfc-editor.org/authors/rfc9367.xml
> >>  https://www.rfc-editor.org/authors/rfc9367.html
> >>  https://www.rfc-editor.org/authors/rfc9367.pdf
> >>  https://www.rfc-editor.org/authors/rfc9367.txt
> >> 
> >> Diff file of the text:
> >>  https://www.rfc-editor.org/authors/rfc9367-diff.html
> >>  https://www.rfc-editor.org/authors/rfc9367-rfcdiff.html (side by
> >> side)
> >> 
> >> Diff of the XML: 
> >>  https://www.rfc-editor.org/authors/rfc9367-xmldiff1.html
> >> 
> >> The following files are provided to facilitate creation of your own 
> >> diff files of the XML.
> >> 
> >> Initial XMLv3 created using XMLv2 as input:
> >>  https://www.rfc-editor.org/authors/rfc9367.original.v2v3.xml
> >> 
> >> XMLv3 file that is a best effort to capture v3-related format updates
> >> only: 
> >>  https://www.rfc-editor.org/authors/rfc9367.form.xml
> >> 
> >> 
> >> Tracking progress
> >> -----------------
> >> 
> >> The details of the AUTH48 status of your document are here:
> >>  https://www.rfc-editor.org/auth48/rfc9367
> >> 
> >> Please let us know if you have any questions.  
> >> 
> >> Thank you for your cooperation,
> >> 
> >> RFC Editor
> >> 
> >> --------------------------------------
> >> RFC9367 (draft-smyshlyaev-tls13-gost-suites-08)
> >> 
> >> Title            : GOST Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.3
> >> Author(s)        : S. Smyshlyaev, Ed., E. Alekseev, E. Griboedova, A. Babueva, L. Nikiforova
> >> WG Chair(s)      : 
> >> Area Director(s) : 
> >> 
> >> 
> >> 
> >> <rfc9367.xml>
> > 
> 
>