Re: [Curdle] Review of draft-kaduk-kitten-des-des-des-die-die-die-01
Benjamin Kaduk <kaduk@mit.edu> Fri, 26 May 2017 04:49 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96E8D126B71 for <curdle@ietfa.amsl.com>; Thu, 25 May 2017 21:49:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.222
X-Spam-Level:
X-Spam-Status: No, score=-4.222 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pZjAOAsLPSmM for <curdle@ietfa.amsl.com>; Thu, 25 May 2017 21:49:15 -0700 (PDT)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB4E4126D74 for <curdle@ietf.org>; Thu, 25 May 2017 21:49:14 -0700 (PDT)
X-AuditID: 1209190e-51bff700000074e2-9e-5927b3c9d1a3
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 57.34.29922.9C3B7295; Fri, 26 May 2017 00:49:13 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id v4Q4nC2v030543; Fri, 26 May 2017 00:49:12 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v4Q4n8xS022979 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 26 May 2017 00:49:11 -0400
Date: Thu, 25 May 2017 23:49:08 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Greg Hudson <ghudson@mit.edu>
Cc: curdle@ietf.org
Message-ID: <20170526044907.GC39245@kduck.kaduk.org>
References: <x7dzieb1ntw.fsf@equal-rites.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <x7dzieb1ntw.fsf@equal-rites.mit.edu>
User-Agent: Mutt/1.7.1 (2016-10-04)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrPIsWRmVeSWpSXmKPExsUixG6nrntys3qkQfMKDYutC2cxOzB6LFny kymAMYrLJiU1J7MstUjfLoEr4+yPl6wF3cIVe4/fZ29gnMPfxcjBISFgIrF4PVcXIxeHkMBi JokzvXtYIZyNjBJz9x5gg3CuMkm8aDjD1MXIycEioCoxcd0RNhCbTUBFoqH7MjOILSKgKPFs 1VwWEJtZQFji3+dWsHphAV+Jbe9us4PYvEDbdn3ewAiyWUjAUOLDCRGIsKDEyZlPoFq1JG78 e8kEUsIsIC2x/B8HSJhTwEji2KFzrCC2qICyxN/D91gmMArMQtI9C0n3LITuBYzMqxhlU3Kr dHMTM3OKU5N1i5MT8/JSi3SN9XIzS/RSU0o3MYLCkVOSbwfjpAbvQ4wCHIxKPLwb7qlFCrEm lhVX5h5ilORgUhLlnb5OPVKILyk/pTIjsTgjvqg0J7X4EKMEB7OSCO/OlUA53pTEyqrUonyY lDQHi5I4r7hGY4SQQHpiSWp2ampBahFMVoaDQ0mCd+cmoEbBotT01Iq0zJwShDQTByfIcB6g 4ftBaniLCxJzizPTIfKnGBWlxHnfbARKCIAkMkrz4HpB6UIie3/NK0ZxoFeEeQ+AtPMAUw1c 9yugwUxAg13vKoMMLklESEk1ME4JidD0zOkteiJ7eRVb83XFftlbj830ND7arfbgCWXbdyNS 7jvrPYl7+3dP6q0xjXqxQ3Fex5ss1p8B7mzCfXM26TWekykzbtZ+2zxDyUqqh3mJQPAG97iV vIpvn16/FuwsNPtZrdwkxzuuRqr7vggsfJO8sqVLkuurpkxM3U57+7rfy52uK7EUZyQaajEX FScCANleBNryAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/LOlWzCOu_JJes8izeYo1PwH-m_o>
Subject: Re: [Curdle] Review of draft-kaduk-kitten-des-des-des-die-die-die-01
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 May 2017 04:49:19 -0000
On Wed, May 17, 2017 at 11:54:03AM -0400, Greg Hudson wrote: > I have reviewed this draft and have no blocking objections. Some > non-blocking, editorial notes: > > Interoperability concerns are listed last for RC4, but second out of > three subsections for DES3. To some extent the section structure for the two ciphers are completely different, but I do see some argument for putting interop concerns last in both cases; I'll make that change. > Section 5.2, "Modern encryption types such as [...] use" should have a > comma before "such as" and before "use". I think this is technically a stylistic matter, but my normal tendency is to overuse commas (so that I have to consciously correct for it); I'm happy to put them back. > Section 5.2, "It is also best practice when [...], to" should have a > comma before "when". Also, "it is also best practice" doesn't seem > right. Sure, these commas need to come in pairs. Is dropping to just "it is best practice" enough of an improvement to make you happy? (There's not really a preceeding instance that would make the "also" useful.) > Section 5.3, "Because [...], this means that these application servers > also possess" should omit "this means that". I would also remove the > parenthetical for that sentence. Done. > Section 5.4, "cross-realm situations" should perhaps be "cross-realm > deployments". Sure. > Section 6, in "ample justification for deprecating their use", "their" > appears to refer back to "The flaws", which doesn't seem quite right. I think "their" was trying to be representing the plural "triple-DES based encryption types". That's rather clunky, so I'll just go for "deprecating its use", which I think is sufficiently unambiguous. > Section 6, "blocksize" should be "block size". Yup. > Section 6.1, "[nfold] is known not to provide effective mixing of the > input bits" is not backed up by a reference. (I don't know of a > reference.) I don't know of a reference, either. I don't really want to drop down to a weaker statement like "not expected to provide effective mixing", as I have a vague memory of someone telling me that (e.g.) it was hard to get things with the high bit set when an ASCII password is used. If the lack of reference becomes problematic for IETF/IESG review we can certainly revisit the question (and try to get something closer to primary data). -Ben
- [Curdle] Review of draft-kaduk-kitten-des-des-des… Greg Hudson
- Re: [Curdle] Review of draft-kaduk-kitten-des-des… Benjamin Kaduk
- Re: [Curdle] Review of draft-kaduk-kitten-des-des… Greg Hudson
- Re: [Curdle] Review of draft-kaduk-kitten-des-des… Benjamin Kaduk
- Re: [Curdle] Review of draft-kaduk-kitten-des-des… Benjamin Kaduk
- Re: [Curdle] Review of draft-kaduk-kitten-des-des… Greg Hudson