Re: [Curdle] Genart last call review of draft-ietf-curdle-ssh-curves-09

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 26 August 2019 18:34 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Mark D. Baushke" <mdb@juniper.net>
CC: "gen-art@ietf.org" <gen-art@ietf.org>, "curdle@ietf.org" <curdle@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-curdle-ssh-curves.all@ietf.org" <draft-ietf-curdle-ssh-curves.all@ietf.org>
Date: Mon, 26 Aug 2019 18:34:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/zRu2FAyqznyPOubXq6inpDu9n6Q>

Hi Mark,

Section 1:
-----------

>> Q1_1:
>>
...elided...
>>> RFC5656 covers three specific constructions:
>>>
>>>   a) Elliptic Curve Diffie-Hellman (ECDH),
>>>   b) Elliptic Curve Menezes-Qu-Vanstone (ECMQV) key agreement, and
>>>   c) Elliptic Curve Digital Signature Algorithm (ECDSA).
>>>
>>> This draft does not cover the use of a digital signature algorithm
>>> or apply the Curve25519 or Curve448 constructions to the use of
>>> ECMQV and focuses entirely on ECDH key exchange extensions for a
>>> different construction of elliptic curves.
>>
>> Would it be good to indicate that in a note?
>
> Possibly. I could add this as the final sentence to the first paragraph
> of the introduction:
>
>        Other parts of <xref target="RFC5656"/>, such as Elliptic Curve
>        Menezes-Qu-Vanstone (ECMQV) key agreement, and Elliptic Curve
>        Digital Signature Algorithm (ECDSA) are not considered in this
>        document.

Looks good.

...elided...

>>> It seems a bit detailed to me for an introduction. Let me know if
>>> you have any suggestions on a revision.
>>
>> I think the text looks good, and it is for sure a good clarification
>> for a non-security person like myself :)
>
> Okay, I will keep it as revised with the only other question being the
> addition of the sentence noted previously.

Ok.

...elided...

>> Personally I would use "describe", but my main issue is being
>> consistent - no matter what word is used :)
>
> I will retain the 'This document defines...' text.
>
> I believe that there is a difference between defines and describes. The
> former is normative text and the latter is more informative.

Sure, and if you think there are situations where you want to use both, that's fine. But, often people just use the word that comes to their mind when writing (or adding text written by someone else), and that causes the inconsistency in terminology.

---

Q1_5:

>>>> The text says:
>>>>
>>>>
>>>>    “This document provide Curve25519 as the preferred choice, but
>>>>     suggests that the fall back option Curve448 is implemented to provide
>>>>     an hedge against unforeseen analytical advances against Curve25519
>>>>     and SHA-256.”
>>>>
>>>> - Is the only reason why one should implement Curve448 that something
>>>>    MAY happen to Curve25519 in the future?
>>>
>>> No, the Curve448 also has a stronger cryptographic security strength. If
>>> it becomes a requirement to use a minimum of 128 bits of security
>>> strength, then Curve25519 may be rejected by some and thus the need to
>>> provide for something stronger.
>>
>> Wouldn't it be enough to say that, instead of talking about unforeseen
>> analytical advances etc? I noted that the sec-dir reviewer had some
>> comments on that too.
>>
>> Please see below for suggested modified text.
>>
>>> Let me know if you wish to have me remove the entire paragraph or not.
>>
>> I think you could keep the paragraph, but instead say something like:
>>
>>           “This document provide Curve25519 as the preferred choice, but
>>            suggests that the Curve448 is implemented in order to provide
>>            128 bits of security strength, should that become a requirement.
>>
>>            At the time of writing this specification high-quality free
>>            implementations of Curve25519 had been in deployed use for
>>            several years, while Curve448 implementations were slowly
>>            appearing, so it was accepted that adoption of Curve448
>>            would be slower."
>>
>>> Should I upload my updated draft-ietf-curdle-ssh-curves-10.xml or
>>> do you have additional suggestions?
>
> I have adopted your two paragraphs to replace the one paragraph that was
> previously present.
>
>> I haven't seen the update draft yet, but if you are ok with my
>> suggestions you can go ahead to upload. If you are not ok with my
>> suggestions, then let me know :)
>
> Only one question remains as the last sentence of the first paragraph
> of the introduction.

The text you suggested looks good.

So, as far as I'm concerned, go ahead and make the change and submit the -10 version 🙂

Regards,

Christer