[Curdle] comments on draft-ietf-curdle-gss-keyex-sha2-03
Daniel Migault <daniel.migault@ericsson.com> Wed, 20 December 2017 00:16 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16E8912D953 for <curdle@ietfa.amsl.com>; Tue, 19 Dec 2017 16:16:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lsu5QlR6-DWw for <curdle@ietfa.amsl.com>; Tue, 19 Dec 2017 16:16:38 -0800 (PST)
Received: from mail-lf0-x22f.google.com (mail-lf0-x22f.google.com [IPv6:2a00:1450:4010:c07::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6B62126B7F for <curdle@ietf.org>; Tue, 19 Dec 2017 16:16:37 -0800 (PST)
Received: by mail-lf0-x22f.google.com with SMTP id y78so16431370lfd.1 for <curdle@ietf.org>; Tue, 19 Dec 2017 16:16:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to; bh=n5Far1u9ebN+Q3GShi2vqDfqBsRk1KKSFwpkcEvhjis=; b=n35Nxf6Vu82VKqrT0kb/vB2kxi/q8f3GUxxYxIBaiUtANQeeSXfQ9s9Uyh2KfGA9H3 hxXvttGEFWCVlylHCKTQeZXZhaM+ilz7WlAd2h7WJ0jI1xyNSZJQFFWCYX+Bp9t9UqHo iRG5of2Lg8uxFoRLAtTIg3Ud3A8F5SYy034vc4EIBcD+TtaJ9jcHTrGZ0U1VurkCLKTY wyyjlqQemH4cktVYHwXKol9JxrbqeydBOAchSV3sB+yiSajLbVe3lYlvgwtLH8KkP/Tu YMQBeCEg7nhbtqsGt3Lno7Mtgoh2fAiNYOAZR0m3R8dUHxqUbkdmbSR1BNWp3WD+mY5l gcPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to; bh=n5Far1u9ebN+Q3GShi2vqDfqBsRk1KKSFwpkcEvhjis=; b=DLcaI8H9nxCYx4M5xYQC+7bKGZiKtxH+ISaXmGvHdTW2200datBjSpwOzZH28/kmwa ED4mWw1mAxeg8dhOL402BoqGIJ5fM7xmwv2r3X8EyxEu0xd3SwGLaLTjDpyNc+I5qsUc 6cATjWSrpNN7UMyilA4Er2OkGR95m7ZiMNCN/G3SB3O5g43fiE8+LB++IVg5nUU47lOi qaLR9gQ0cNXPtZiwyNqBabAHE3HVSf/nbqfNkbX/MQua0kBTesG9ccQaD6uo7oTOoK4H L+yfa3izXGKQmy1d0NylL5lgF1+Hn2oB3uBf/tZwxacuQAYIHX2w20y0iy/NFbVbFcNs iquQ==
X-Gm-Message-State: AKGB3mKk5gIQZ/a6pFkXD7xZ8FUb21DMOsul/UPDUQtNL3+f4F/2fy3u 24zz3kq1cX6Y7mDedhOTWiPVaRFQ2+W45skwh7ktPA==
X-Google-Smtp-Source: ACJfBouhNqS7JT2xyPNY+l7CBuBbHqRNBsQd8Lq9WumyxNtPGmYxXNIekL4UU/cMk7ZMeaFEwLoVGJU6ncedPbbq+F0=
X-Received: by 10.25.80.93 with SMTP id z29mr1916008lfj.9.1513728995825; Tue, 19 Dec 2017 16:16:35 -0800 (PST)
MIME-Version: 1.0
Sender: mglt.ietf@gmail.com
Received: by 10.46.80.17 with HTTP; Tue, 19 Dec 2017 16:16:35 -0800 (PST)
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Tue, 19 Dec 2017 19:16:35 -0500
X-Google-Sender-Auth: D9JnB8gAj_D4KKLYtovHT8NRUnk
Message-ID: <CADZyTkkB_QjzM=Cc_FOhugJfbRva39RZVKn5dzm7nOkZYxy-5w@mail.gmail.com>
To: curdle <curdle@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c1cd624151bbf0560ba7f4d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/NKckfz2tLf_Op0EJGQXJphDmga0>
Subject: [Curdle] comments on draft-ietf-curdle-gss-keyex-sha2-03
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Dec 2017 00:16:41 -0000
Hi, Please find my review for draft-ietf-curdle-gss-keyex-sha2-03 [1]. The corresponding shepherd write-up can be found here[2]. Feel free to comment as well. [1] https://tools.ietf.org/html/draft-ietf-curdle-gss-keyex-sha2-03 [2] https://datatracker.ietf.org/doc/draft-ietf-curdle-gss-keyex-sha2/shepherdwriteup/ section 4, 5.2 I believe that "RECOMMENDED" and "OPTIONAL" can be removed and are redundant with SHOULD / MAY. References: [FIPS-180-4] is referenced, but not mentioned in the text. 'NIST-SP-800-131Ar1' should be moved as informative references in my opinion. The reference is provided to justify the rational, not to describe the protocol. ISO-IEC-8825-1 is a reference for ASN1. It seems to me that informational is the right place. [I-D.ietf-curdle-ssh-modp-dh-sha2] is now an RFC, I believe it should be an informational document rather than a normative document as it is only cited as an example to move from SHA1 to sha2. RFC6194] Polk, T., Chen, L., Turner, S., and P. Hoffman, "Security Considerations for the SHA-0 and SHA-1 Message-Digest Algorithms" should be in my opinion an informational reference. It would be good to add a link to the IANA in the IANA section registry and have it as an informational reference. The draft mentions the SSH algorithm registry, but I am not sure that is the correct registry. instead, the Key Exchange Method Names registry might be more appropriated. here is the output of the nits: idnits 2.15.00 tmp/draft-ietf-curdle-gss-keyex-sha2-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC4462]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. -- The draft header indicates that this document updates RFC4462, but the abstract doesn't seem to directly say this. It does mention RFC4462 though, so this could be OK. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 412 has weird spacing: '... string out...' == Line 418 has weird spacing: '... string ser...' == Line 430 has weird spacing: '... string out...' == Line 443 has weird spacing: '... string out...' == Line 457 has weird spacing: '... string mic...' == (2 more instances...) (Using the creation date from RFC4462, updated by this document, for RFC5378 checks: 2005-08-23) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (December 12, 2017) is 7 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'FIPS-180-4' is defined on line 637, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'ANSI-X9-62-2005' -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS-180-4' == Outdated reference: A later version (-06) exists of draft-ietf-curdle-ssh-curves-04 == Outdated reference: draft-ietf-curdle-ssh-modp-dh-sha2 has been published as RFC 8268 -- Possible downref: Non-RFC (?) normative reference: ref. 'ISO-IEC-8825-1' -- Possible downref: Non-RFC (?) normative reference: ref. 'NIST-SP-800-131Ar1' ** Downref: Normative reference to an Informational RFC: RFC 1321 ** Downref: Normative reference to an Informational RFC: RFC 6194 ** Downref: Normative reference to an Informational RFC: RFC 7546 ** Downref: Normative reference to an Informational RFC: RFC 7748 -- Possible downref: Non-RFC (?) normative reference: ref. 'SEC2v2' Summary: 5 errors (**), 0 flaws (~~), 9 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above.
- [Curdle] comments on draft-ietf-curdle-gss-keyex-… Daniel Migault
- Re: [Curdle] comments on draft-ietf-curdle-gss-ke… Simo Sorce