Re: [Curdle] AD Review of draft-ietf-curdle-gss-keyex-sha2-05

Simo Sorce <ssorce@redhat.com> Wed, 30 May 2018 12:35 UTC

From: Simo Sorce <ssorce@redhat.com>
To: Hubert Kario <hkario@redhat.com>, Eric Rescorla <ekr@rtfm.com>
Cc: curdle <curdle@ietf.org>
Date: Wed, 30 May 2018 08:35:12 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/5IyTlcaUsxlwEfQa9oRj3C4G1A4>

On Wed, 2018-05-30 at 12:25 +0200, Hubert Kario wrote:
> On Tuesday, 29 May 2018 21:27:34 CEST Eric Rescorla wrote:
> > On Mon, May 21, 2018 at 10:27 AM, Simo Sorce <ssorce@redhat.com> wrote:
> > > On Fri, 2018-05-18 at 14:12 -0700, Eric Rescorla wrote:
> > > > These changes look fine, though they only address some of my comments.
> > > 
> > > Just for clarity, is the change to describe the whole DH exchange in
> > > one place what you see missing? Is that a deal breaker?
> > > Anything else?
> > 
> > That and the repeated text that is the same for each group.
> 
> the fix for repeated text about groups is already merged to master, for ECDHE:
> https://github.com/simo5/ietf/blob/eb03480d5c49e7340302e4974435f382ba26a911/draft-ietf-curdle-gss-keyex-sha2.xml#L537-L553
> and for FFDHE:
> https://github.com/simo5/ietf/blob/eb03480d5c49e7340302e4974435f382ba26a911/draft-ietf-curdle-gss-keyex-sha2.xml#L148-L164

Thanks Hubert.

Eric,
it would be nice if you could give guidance on how you would like to see the
DH exchange explanation changed, assuming that's the only thing of
concern left for you; feel free to point out anything else as well.

If you prefer to have a new draft submitted, with the changes above, as
a baseline for further discussion, I can submit one.

Simo.