[Curdle] Warren Kumari's No Objection on draft-ietf-curdle-des-des-des-die-die-die-04: (with COMMENT)
Warren Kumari <warren@kumari.net> Mon, 11 September 2017 19:45 UTC
Return-Path: <warren@kumari.net>
X-Original-To: curdle@ietf.org
Delivered-To: curdle@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E196F132339; Mon, 11 Sep 2017 12:45:05 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Warren Kumari <warren@kumari.net>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-curdle-des-des-des-die-die-die@ietf.org, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs@ietf.org, daniel.migault@ericsson.com, curdle@ietf.org, joelja@bogus.com
X-Test-IDTracker: no
X-IETF-IDTracker: 6.60.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150515910592.9770.2709380152256609564.idtracker@ietfa.amsl.com>
Date: Mon, 11 Sep 2017 12:45:05 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/Ic3mfHUxKEVhdwCRiZsdMzR4CDI>
Subject: [Curdle] Warren Kumari's No Objection on draft-ietf-curdle-des-des-des-die-die-die-04: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Sep 2017 19:45:06 -0000
Warren Kumari has entered the following ballot position for draft-ietf-curdle-des-des-des-die-die-die-04: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-curdle-des-des-des-die-die-die/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks to Joel for his OpsDir review. I have a few comments / readability suggestions: 1: Section 5.1. Statistical Biases "These attacks seem to rely on repeated encryptions of thousands of copies of the same plaintext; " -- for a document which deprecates rc4-hmac the "seem to rely on" feels very weak. I'd suggest s/seem// or "At least some of these attacks rely on..." or similar. 2: Section 6. 3DES Weakness "Additionally, the 3DES encryption types were never implemented in all Kerberos implementations..." s/never/not/ 3: Section 6.3. Interoperability "The triple-DES encryption types were implemented by MIT Kerberos early in its development (ca. 1999) and present in the 1.2 release, but encryption types 17 and 18 (AES) were implemented by 2003 and present in the 1.3 release." I'm a bit confused by the "but" - should this be "and"? Otherwise it sounds like it it trying to contrast something.
- [Curdle] Warren Kumari's No Objection on draft-ie… Warren Kumari
- Re: [Curdle] Warren Kumari's No Objection on draf… Benjamin Kaduk