[Curdle] Roman Danyliw's No Objection on draft-ietf-curdle-ssh-curves-11: (with COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 04 September 2019 18:01 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: curdle@ietf.org
Delivered-To: curdle@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 45DE812090D; Wed, 4 Sep 2019 11:01:00 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-curdle-ssh-curves@ietf.org, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs@ietf.org, daniel.migault@ericsson.com, curdle@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.100.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <156762006020.22702.1038136592868419822.idtracker@ietfa.amsl.com>
Date: Wed, 04 Sep 2019 11:01:00 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/Q3z9Th1KCuyopsYVQ0BepRE6eY8>
Subject: [Curdle] Roman Danyliw's No Objection on draft-ietf-curdle-ssh-curves-11: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2019 18:01:01 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-curdle-ssh-curves-11: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-curves/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- (1) Section 1. Please provide informative reference to libssh and OpenSSH. (2) Section 5. Per the second paragraph of this section, I would recommend being clearer on the differences and similarities of both algorithms so implementers understand the tradeoffs. Specifically: -- Curve25519 is “strong” (Section 1 says ~128 bits) and Curve448 “hasn’t received the same cryptographic review” – these seem like unequal statements. -- Curve 25519 makes the claims of being “efficient on a wide range of architecture” and “better implementations properties compared to traditional elliptical curves”. Curve448 “is similar … and is slower”. So is it inefficient across architectures? Worst implementation properties? Can anything be said to qualify “slower”? -- I recommend moving the guidance on what is recommend and why to be in this section so the rational is in one place (rather than also being in Section 1, “This document provide Curve25519 as the preferred choice, …”) (3) Appendix A: As other ballots have noted, is this section needed? (4) Editorial Nits: -- Section 3. s/chapter 4/section 4/g -- Section 3.1. The text “… passed to the ECDH code in SSH that …” reads like a given implementation is being discussed. Perhaps “passed to the ECDH function” (or ECDH algorithm). -- Section 1. Per “The Curve448 key exchange method is similar but uses SHA-512 [RFC6234] to further separate it from the Curve25519 alternative.”, I recommend dropping the ending clause of “to further separate it from the Curve22519 alternative”. The subsequent text (in the Security Considerations) appear to already cover that it is an alternative.
- [Curdle] Roman Danyliw's No Objection on draft-ie… Roman Danyliw via Datatracker
- Re: [Curdle] Roman Danyliw's No Objection on draf… Mark D. Baushke
- Re: [Curdle] Roman Danyliw's No Objection on draf… Mark D. Baushke
- Re: [Curdle] Roman Danyliw's No Objection on draf… Roman Danyliw