[Curdle] Roman Danyliw's No Objection on draft-ietf-curdle-ssh-curves-11: (with COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 04 September 2019 18:01 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: curdle@ietf.org
Delivered-To: curdle@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 45DE812090D; Wed, 4 Sep 2019 11:01:00 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-curdle-ssh-curves@ietf.org, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs@ietf.org, daniel.migault@ericsson.com, curdle@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.100.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <156762006020.22702.1038136592868419822.idtracker@ietfa.amsl.com>
Date: Wed, 04 Sep 2019 11:01:00 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/Q3z9Th1KCuyopsYVQ0BepRE6eY8>
Subject: [Curdle] Roman Danyliw's No Objection on draft-ietf-curdle-ssh-curves-11: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2019 18:01:01 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-curdle-ssh-curves-11: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-curves/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

(1) Section 1.  Please provide informative reference to libssh and OpenSSH.

(2) Section 5. Per the second paragraph of this section, I would recommend
being clearer on the differences and similarities of both algorithms so
implementers understand the tradeoffs.  Specifically:

-- Curve25519 is “strong” (Section 1 says ~128 bits) and Curve448 “hasn’t
received the same cryptographic review” – these seem like unequal statements.

-- Curve 25519 makes the claims of being “efficient on a wide range of
architecture” and “better implementations properties compared to traditional
elliptical curves”.  Curve448 “is similar … and is slower”.  So is it
inefficient across architectures? Worst implementation properties?  Can
anything be said to qualify “slower”?

-- I recommend moving the guidance on what is recommend and why to be in this
section so the rational is in one place (rather than also being in Section 1,
“This document provide Curve25519 as the preferred choice, …”)

(3) Appendix A: As other ballots have noted, is this section needed?

(4) Editorial Nits:
-- Section 3.  s/chapter 4/section 4/g

-- Section 3.1.  The text “… passed to the ECDH code in SSH that …” reads like
a given implementation is being discussed.  Perhaps “passed to the ECDH
function” (or ECDH algorithm).

-- Section 1.  Per “The Curve448 key exchange method is similar but uses
SHA-512 [RFC6234] to further separate it from the Curve25519 alternative.”, I
recommend dropping the ending clause of “to further separate it from the
Curve22519 alternative”.  The subsequent text (in the Security Considerations)
appear to already cover that it is an alternative.