Re: [Curdle] new-AD review comments on draft-ietf-curdle-gss-keyex-sha2-08
Benjamin Kaduk <kaduk@mit.edu> Fri, 07 June 2019 22:35 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA07E1201B4; Fri, 7 Jun 2019 15:35:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H2MODJd4JkhW; Fri, 7 Jun 2019 15:35:20 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B876712018F; Fri, 7 Jun 2019 15:35:20 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x57MZGET002143 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 7 Jun 2019 18:35:18 -0400
Date: Fri, 07 Jun 2019 17:35:15 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Hubert Kario <hkario@redhat.com>
Cc: draft-ietf-curdle-gss-keyex-sha2@ietf.org, curdle@ietf.org
Message-ID: <20190607223515.GI83686@kduck.mit.edu>
References: <20190508150604.GB30884@kduck.mit.edu> <4446646.IAIBc4NGeb@pintsize.usersys.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <4446646.IAIBc4NGeb@pintsize.usersys.redhat.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/dhdv9VhcWcRl46RkxJ9FFrXtQgw>
Subject: Re: [Curdle] new-AD review comments on draft-ietf-curdle-gss-keyex-sha2-08
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jun 2019 22:35:23 -0000
Sorry for the slow reply -- it's been a busy month in my personal situation. On Thu, May 09, 2019 at 12:34:40PM +0200, Hubert Kario wrote: > On Wednesday, 8 May 2019 17:06:04 CEST Benjamin Kaduk wrote: > > Hi all, > > > > I'm almost ready to send draft-ietf-curdle-gss-keyex-sha2 to the IESG for > > evaluation, but would like to see a new revision posted first, mostly for > > the Abstract changes. In addition to the changes mentioned below, please > > also go ahead and make the editorial changes mentioned in the last > > call/directorate reviews. > > > > -Ben > > > > Abstract > > > > This document specifies additions and amendments to RFC4462. It > > defines a new key exchange method that uses SHA-2 for integrity and > > deprecates weak DH groups. The purpose of this specification is to > > > > I think we need to remove this statement about "deprecates weak DH groups"; > > I didn't see any further discussion of such deprecations in any revision of > > the document. > > > we've done that by not listing them, would you prefer to list them explicitly > in section 6 and Section 4 with a "MUST NOT" in "Implementation Support" and > "Implementation Recommendations"? Since we are only Update:ing 4462 and not Obsolete:ing it, we do need to explicitly say what is deprecated. The sections you list seem like fine places (note that since the IANA registry doesn't list the "implementation support" column, it seems that our request would just be to add this document as a reference for the affected entries). -Ben > > Section 2 > > > > Following the > > rationale of [RFC8268] only SHA-256 and SHA-512 hashes are used for > > DH groups. For NIST curves the same curve-to-hashing algorithm > > pairing used in [RFC5656] is adopted for consistency. > > > > 8268 doesn't provide a whole lot of rationale for using SHA-256, rather, > > the closest thing to guidance would be in Section 1 where it cites the NSA > > IAD FAQ that wants to *avoid* using SHA-256. So perhaps it's better to say > > that this just follows the practice of 8268, rather than the rationale from > > it, especially since we are just using a "consistency" argument for the > > NIST curves' hashes. > > yes, "practice" would work better in this context > > -- > Regards, > Hubert Kario > Senior Quality Engineer, QE BaseOS Security team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
- [Curdle] new-AD review comments on draft-ietf-cur… Benjamin Kaduk
- Re: [Curdle] new-AD review comments on draft-ietf… Mark D. Baushke
- Re: [Curdle] new-AD review comments on draft-ietf… Benjamin Kaduk
- Re: [Curdle] new-AD review comments on draft-ietf… Hubert Kario
- Re: [Curdle] new-AD review comments on draft-ietf… Simo Sorce
- Re: [Curdle] new-AD review comments on draft-ietf… Benjamin Kaduk
- Re: [Curdle] new-AD review comments on draft-ietf… Benjamin Kaduk