IETF Logo Mail Archive

Re: [Curdle] Review of draft-ietf-curdle-cms-ecdh-new-curves-02

Russ Housley <housley@vigilsec.com> Mon, 10 April 2017 15:16 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7024E1242F7 for <curdle@ietfa.amsl.com>; Mon, 10 Apr 2017 08:16:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fDdGkyTEL1U7 for <curdle@ietfa.amsl.com>; Mon, 10 Apr 2017 08:16:27 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC9FC129534 for <curdle@ietf.org>; Mon, 10 Apr 2017 08:16:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 5174D3004E6 for <curdle@ietf.org>; Mon, 10 Apr 2017 11:16:16 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 0XIwhKfrlKMu for <curdle@ietf.org>; Mon, 10 Apr 2017 11:16:13 -0400 (EDT)
Received: from new-host-5.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 5E3E63002D0; Mon, 10 Apr 2017 11:16:13 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <2D94CE32-695A-40D5-AA47-38A239A3425E@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F5BB2AC9-D22A-40CD-A53C-F635497F81D6"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Mon, 10 Apr 2017 11:16:12 -0400
In-Reply-To: <2DD56D786E600F45AC6BDE7DA4E8A8C118BC8A8E@eusaamb107.ericsson.se>
Cc: Jim Schaad <ietf@augustcellars.com>, curdle <curdle@ietf.org>
To: Daniel Migault <daniel.migault@ericsson.com>
References: <059001d2a8a0$da207680$8e616380$@augustcellars.com> <96562891-0B33-448B-9E07-92775A4B2A88@vigilsec.com> <05d701d2a8b6$d1895bc0$749c1340$@augustcellars.com> <CADZyTk=BsoThAkfVVuvVjL2-ObDON9yEHb=PLJ68AmFe_v8x3Q@mail.gmail.com> <78AB16BB-A362-4283-9A16-24278435BCC1@vigilsec.com> <2DD56D786E600F45AC6BDE7DA4E8A8C118BC8A8E@eusaamb107.ericsson.se>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/5dyD9Ou0lYX6MoexVU8GViA3tBc>
Subject: Re: [Curdle] Review of draft-ietf-curdle-cms-ecdh-new-curves-02
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Apr 2017 15:16:29 -0000

I have had one person talk to me about implementation, but I do not know if they have started coding yet or not.

Russ


> On Apr 10, 2017, at 11:06 AM, Daniel Migault <daniel.migault@ericsson.com> wrote:
> 
> Thanks for the registries clarification. One more question, are you aware of any implementation of the drafts?
> Yours,
> Daniel
>  
> From: Russ Housley [mailto:housley@vigilsec.com <mailto:housley@vigilsec.com>] 
> Sent: Monday, April 10, 2017 11:03 AM
> To: Daniel Migault <daniel.migault@ericsson.com <mailto:daniel.migault@ericsson.com>>
> Cc: Jim Schaad <ietf@augustcellars.com <mailto:ietf@augustcellars.com>>; curdle <curdle@ietf.org <mailto:curdle@ietf.org>>
> Subject: Re: [Curdle] Review of draft-ietf-curdle-cms-ecdh-new-curves-02
>  
> Daniel:
>  
> Thanks for the review.
>  
> 1) nits tool
> the nits tools returns the following additional error:
> 
> == The "Author's Address" (or "Authors' Addresses") section title is
>      misspelled.
>  
> Fixed.
> 
> 
> 2) section 2.1 defining KEK
>  
> OLD:
> To generate a key-encryption key, generates one or more KM blocks,
> 
> NEW:
> To generate a key-encryption key (KEK), KDF generates one or more KM blocks,
>  
> Okay.  I made that change.
>  
> 3) section 2.2 defining HKDF
>  
> OLD:
> The HKDF key derivation function is a robust construct based on a one-way hash function described in RFC 5869 [HKDF].
> 
> NEW:
> The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is a robust construct based on a one-way hash function described in RFC 5869 [HKDF].
>  
> Okay.  I made that change.
> 
> 
> 4) IANA section: 
>  
> * Wouldn't it be appropriated to mention RFC7107 section 3.3 and section 3.6 for each allocation.
>  
> RFC 7107 created the registries.  I do not see any reason to point to that document for the assignment in the registries.
> 
> 
> * I have been recommended to ask to add the IANA link hosting the registries as an informational reference. In that case, that would be the following one: http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-3 <http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-3>
>  
> Okay.  I handed a reference for the module arc and a reference for the algorithm arc.
> 
> 
> * The presentation in the IANA section differs from  the one of RFC7107 which uses a table with Decimal , Description, Reference rather than using the OID presentation.
>  
> I used the decimal presentation because that is used in the header of the registry by IANA.
> 
> 
> * I am wondering whether the current draft does not update RFC7107, in which case it should be mentioned in the header, abstract and introduction. What do you think ?
>  
> No.  RFC 7107 established the registry.  It does not need to be updated for every assignment that takes place in those registries.
>  
> Russ

v2.23.0 | Report a Bug | By Email