[Curdle] AD review of draft-ietf-curdle-cms-chacha20-poly1305-03
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 24 November 2016 12:54 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E97A71298C4 for <curdle@ietfa.amsl.com>; Thu, 24 Nov 2016 04:54:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.798
X-Spam-Level:
X-Spam-Status: No, score=-5.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cZyU60qmGpOs for <curdle@ietfa.amsl.com>; Thu, 24 Nov 2016 04:54:10 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0994212950E for <curdle@ietf.org>; Thu, 24 Nov 2016 04:54:09 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 2F021BE6F for <curdle@ietf.org>; Thu, 24 Nov 2016 12:54:07 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uWoRSt5N2Aqa for <curdle@ietf.org>; Thu, 24 Nov 2016 12:54:05 +0000 (GMT)
Received: from [10.87.48.210] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 7E583BE64 for <curdle@ietf.org>; Thu, 24 Nov 2016 12:54:04 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1479992044; bh=bavfMuRYYpQ1+L54gu7Je9bFgJIxhAvdrlq+XxSL6Mc=; h=To:From:Subject:Date:From; b=PnNVwNS4SfwTM+dwiZG0eOKNCKDITq2qwHjHxhyquLyV/AeEJf87q52grhqqzL67z CMsYJf1WVyqMBnoq08BLWY0ZF8vy2Ibv1DglXFqIciFlBaCLxk9qeCSbswHAM3XCmH 3aygQLZbBtwldbSOdvMzFMzBNKSO/5T3Z+B31+zc=
To: "curdle@ietf.org" <curdle@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <b27e8b77-5025-23f0-e71f-9c10af0b2265@cs.tcd.ie>
Date: Thu, 24 Nov 2016 12:54:04 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms070006010709090209050705"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/dPZ1t5Hk_LnT1FdSDLs_XclgEz4>
Subject: [Curdle] AD review of draft-ietf-curdle-cms-chacha20-poly1305-03
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Nov 2016 12:54:17 -0000
Hiya, My AD review of this draft is below. I think a revised I-D is needed before IETF LC for at least section 4, but please argue with me if I'm wrong about that. Cheers, S. (1) section 2: Is it correct to say that BCP107 is a MUST the way you do? I think you need to say that implementations MUST support some form(s) of AKM, but I don't think you can say "MUST use" as I can't see how that could be enforced at this level of the code. If it can't be enforced, then it's not worth the MUST you have here. (2) section 3: What does "content authenticated encryption" mean exactly? You use that phrase a lot, and I don't know what it means and it does not occur in [CMS]. Do we need a better term? (Apologies if I'm forgetting the WG discussing that.) (3) section 4: this is clearly not ready for publication - why not allocate the OID? But you at least need to write the text or get rid of the section. (4) I hope I remember to add the downref to the IETF LC:-) nits... - Is 1.1 really useful to have here? That text is basically part of [1] which is what an implementer would need to read anyway. So it may be better to omit 1.1 and just point at [1]. [1] https://tools.ietf.org/html/rfc7539#section-2.8 - section 2: "...destroys the security guarantees." That would be better with a reference to some paper that describes the issues. - typo: "I can be extremely..." - typo: "There is one algorithm identifiers..." - section 3: I'm not clear what is done with the "AuthEnvelopedData mac field" here. Given we've an AEAD, there's no real need for a separate MAC, so I find the text confusing. Can you explain? - section 6: This says "When using AEAD_CHACHA20_POLY1305, the resulting ciphertext is always the same size as the original plaintext. " What about the extra 128 bit authentication tag?
- [Curdle] AD review of draft-ietf-curdle-cms-chach… Stephen Farrell
- Re: [Curdle] AD review of draft-ietf-curdle-cms-c… Russ Housley
- Re: [Curdle] AD review of draft-ietf-curdle-cms-c… Stephen Farrell
- Re: [Curdle] AD review of draft-ietf-curdle-cms-c… Russ Housley
- Re: [Curdle] AD review of draft-ietf-curdle-cms-c… Russ Housley
- Re: [Curdle] AD review of draft-ietf-curdle-cms-c… Stephen Farrell