IETF Logo Mail Archive

Re: [Curdle] new AD review comments on draft-ietf-curdle-ssh-ed25519-ed448-08

Benjamin Kaduk <kaduk@mit.edu> Fri, 07 June 2019 22:26 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EF5D120161; Fri, 7 Jun 2019 15:26:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t-S9KLn6bdec; Fri, 7 Jun 2019 15:26:28 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 698571200BA; Fri, 7 Jun 2019 15:26:27 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x57MQBhD032328 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 7 Jun 2019 18:26:14 -0400
Date: Fri, 07 Jun 2019 17:26:11 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Daniel Migault <daniel.migault@ericsson.com>, bjh21@bjh21.me.uk
Cc: Loganaden Velvindron <loganaden@gmail.com>, "draft-ietf-curdle-ssh-ed25519-ed448.all@ietf.org" <draft-ietf-curdle-ssh-ed25519-ed448.all@ietf.org>, "curdle@ietf.org" <curdle@ietf.org>
Message-ID: <20190607222610.GH83686@kduck.mit.edu>
References: <20190604174029.GC8678@prolepsis.kaduk.org> <DM6PR15MB3531AACEA6B575BBACAFD413E3160@DM6PR15MB3531.namprd15.prod.outlook.com> <CAOp4FwTKAW+vkEbsYTPUVUSB6ve2=uTGiTKwQUB0trZ981MTWw@mail.gmail.com> <DM6PR15MB3531792B7CB48B7E08D67E2CE3170@DM6PR15MB3531.namprd15.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <DM6PR15MB3531792B7CB48B7E08D67E2CE3170@DM6PR15MB3531.namprd15.prod.outlook.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/WdHaRY0r8D0z6Sk4Og7WqmpK3Yo>
Subject: Re: [Curdle] new AD review comments on draft-ietf-curdle-ssh-ed25519-ed448-08
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jun 2019 22:26:31 -0000

On Thu, Jun 06, 2019 at 02:56:46PM +0000, Daniel Migault wrote:
> This is correct, for some reasons I reviewed version 07. So version 08 is solving the opsdir issue. I will close the thread on the mailing list.

Ah, thank you.  Thanks also to Loganaden for the updates in the -08, and
sorry for not having confirmed that they did address the opsdir review
comment.

> The SSHF Record includes the algorithm used for the public key, the type of the fingerprint. The current draft only adds a registry for the algorithm. I believe the confusion might be that the current text  seems to indicate some additional changes for example in the generation of the finger print.  Maybe the text below around the following lines clarifies the purpose of the changes.

That seems likely.

> If so, the only remaining point is the IPR declaration.

[adding Ben to the To: list to try to answer this question.]

-Ben

> OLD:
> The generation of SSHFP resource records for "ssh-ed25519" keys is
>    described in [RFC7479].
> 
>    The generation of SSHFP resource records for "ssh-ed448" keys is
>    described as follows.
> 
>    the SSHFP Resource Record for the Ed448 public key with SHA-256
>    fingerprint would be example be:
> 
>    example.com.  IN SSHFP TBD 2 ( a87f1b687ac0e57d2a081a2f2826723
>    34d90ed316d2b818ca9580ea384d924 01 )
> 
>    The 2 here indicates SHA-256 [RFC6594].
> 
> NEW:
> 
> The generation of SSHFP resource records for "ssh-ed25519" keys is
>    described in [RFC7479].
> 
> The SSHFP resource records for "ssh-ed448" keys is generated similarly,
> with the algorithm field indicating a Ed448 public key.
> 
> The SSHFP Resource Record for the Ed448 public key with SHA-256
> fingerprint would be example be:
> 
> example.com.  IN SSHFP TBD 2 ( a87f1b687ac0e57d2a081a2f2826723
> 34d90ed316d2b818ca9580ea384d924 01 )
> 
> The 2 here indicates SHA-256 [RFC6594].
> 
> From: Loganaden Velvindron <loganaden@gmail.com>
> Sent: Thursday, June 06, 2019 3:02 AM
> To: Daniel Migault <daniel.migault@ericsson.com>
> Cc: Benjamin Kaduk <kaduk@mit.edu>; draft-ietf-curdle-ssh-ed25519-ed448.all@ietf.org; curdle@ietf.org
> Subject: Re: new AD review comments on draft-ietf-curdle-ssh-ed25519-ed448-08
> 
> I already published rev08 to address those issues:
> https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-curdle-ssh-ed25519-ed448-08.txt
> 
> On Wed, Jun 5, 2019 at 5:52 PM Daniel Migault <daniel.migault@ericsson.com<mailto:daniel.migault@ericsson.com>> wrote:
> Thanks Ben for the follow-up, please see my responses inline for (2) and (4). I believe a version 08 is needed to address (1) and (2).
> Yours,
> Daniel
> 
> -----Original Message-----
> From: Benjamin Kaduk <kaduk@mit.edu<mailto:kaduk@mit.edu>>
> Sent: Tuesday, June 04, 2019 1:41 PM
> To: draft-ietf-curdle-ssh-ed25519-ed448.all@ietf.org<mailto:draft-ietf-curdle-ssh-ed25519-ed448.all@ietf.org>
> Cc: curdle@ietf.org<mailto:curdle@ietf.org>
> Subject: new AD review comments on draft-ietf-curdle-ssh-ed25519-ed448-08
> 
> Hi all,
> 
> I'm just about ready to send this to the IESG, but there seems to be a few things to fix, first:
> 
> (1) In Section 8 we say "The generation of SSHFP resource records for "ssh-ed448" keys is described as follows." but then give only an example and not a description of what to do.  We need to say more about this procedure
> 
> (2) I'm not sure if the chain on the opsdir review got fully resolved; see https://mailarchive.ietf.org/arch/msg/curdle/DZc2Sr19zJ71nnC3pSIF0uPhaCk
> <mglt>
> The current version has not accordingly been updated.
> </mglt>
> 
> (3) The shepherd writeup says that Ben did not confirm IPR (non)disclosure per BCPs 78 and 79 -- Ben, can you please do so now?
> 
> (4) Daniel, can you please update the shepherd writeup to reflect the discussions with the directorate reviewers about document status?  I'm sure that some IESG members will ask "why not Informational?" if we don't forestall them.
> 
> <mglt>
> I have update the shepherd as follows:
> 
> (1) What type of RFC is being requested (BCP, Proposed Standard,
> Internet Standard, Informational, Experimental, or Historic)?  Why
> is this the proper type of RFC?  Is this type of RFC indicated in the
> title page header?
> 
> The requested status is Standard Track. This is necessary for
> inter-operability  and as such the Standard Track seems the
> most appropriated status.
> 
> The OPS Directorate wondered why version 07 was a Standard Track
> document and not an informational document as no normative 2119 words.
> 
> The reason for being a standard track is that we expect the implementation
> that implement SSH to follow these recommendations. The consensus was
> to explicitly mention it in the document around the lines:
> 
> "Standard implementations of SSH SHOULD implement these signature algorithms."
> </mglt>
> Thanks,
> 
> Ben

v2.23.0 | Report a Bug | By Email