[Curdle] comments on draft-ietf-curdle-ssh-kex-sha2-09
Daniel Migault <daniel.migault@ericsson.com> Tue, 19 December 2017 21:11 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 784BC124239; Tue, 19 Dec 2017 13:11:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wqyTFDdC-RTH; Tue, 19 Dec 2017 13:10:59 -0800 (PST)
Received: from mail-lf0-x232.google.com (mail-lf0-x232.google.com [IPv6:2a00:1450:4010:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 875781200FC; Tue, 19 Dec 2017 13:10:58 -0800 (PST)
Received: by mail-lf0-x232.google.com with SMTP id x204so21679133lfa.11; Tue, 19 Dec 2017 13:10:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to:cc; bh=q/1LVIyjRLzotL4uM94ki1buEoAut2+qhWwjL7Gxipk=; b=b5QONCadhMoQ+AoxRXkfnfJsr3JnCtb+6Egj93Pt0o48pGESn3R1jdhWT0rprRhMCy xFUiHg1anSQ6nv7S/UWk8mk+NW8qeXqTxlxOBzOGfz4lB805X+1dJj6qqP0fu5yZJ7ZI BeWpw1mYOzT5bjvjlolcHgfgaOgCZNujyMXOuqSTUBLpttUE7uYLvO+Pf6dgPm5Q3GeW m9NAP3+n50m2yDAL/8lrdeJqCWhN+KrhQexP2SLeX9i3Skwzzb1iifNLNHb5dWnJLR3D 2RN1JDJlTknrQB2SZ8RD+1YkR6LvakrKRDoSqtB+I+qhfU1+rrCElQbQeaqCjBgEV/V2 5C1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to:cc; bh=q/1LVIyjRLzotL4uM94ki1buEoAut2+qhWwjL7Gxipk=; b=I8HfJ1sGXK8AMzucF96+kgnI8jjzJRaWDEZ7iCRLVpqP5Mc6JJoqPRKFXN4CeP9hrw Wx6W8NWUwSKDlSACdTvF0rlWKQFC4HYSIFxK2ZYKdp7oKn+LYmk6AYBPcHGROa3okbSt 76Pd1YF/X+2V7bBG7N/iDGx7VrluQn0jAA3AaomvGapqyJT5ZQsWt598p3H6hqG3dL/R LvtseP5kTPZJLQL+/mF0XF5mPtlThGZQreo6hBupZ7mNiUwf45LxxYL9ZG7kiiaUVhYo 6/Jg7nbjof0KJ8qn5fIn3AF1J13VyV0A5kS7LxFA9vU5DeAyZb0MFSxlJh14gJrn6toG ug8g==
X-Gm-Message-State: AKGB3mI3I4JMgydgOZAVFHjXUo07kGiVgSqArnED6vj7xBSe33fLDCtC 8U463+VBBm+BH333CAalGNcOB35TzPg1+sQ02ct5lw==
X-Google-Smtp-Source: ACJfBov5lpONkJ/pm/TFHEKVxb3gl6qROueIrh9SWcFfwW8EQ0ddxm64QKbREOHsxySEUV1HD/7h5vu8yohqlZ4PvJc=
X-Received: by 10.46.15.25 with SMTP id 25mr3048268ljp.119.1513717856537; Tue, 19 Dec 2017 13:10:56 -0800 (PST)
MIME-Version: 1.0
Sender: mglt.ietf@gmail.com
Received: by 10.46.80.17 with HTTP; Tue, 19 Dec 2017 13:10:55 -0800 (PST)
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Tue, 19 Dec 2017 16:10:55 -0500
X-Google-Sender-Auth: qdKoPPY6tB2qTKpMJeAcF56rWp0
Message-ID: <CADZyTkksHDXEDX4rq8oW9Koi2TXc5yYxhwE3UJo3tGx_E27J7A@mail.gmail.com>
To: curdle <curdle@ietf.org>
Cc: curdle-chairs <curdle-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c1ce7a02119b70560b7e786"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/f34VdBIO-w1VVVkk1_m6kJSBMIc>
Subject: [Curdle] comments on draft-ietf-curdle-ssh-kex-sha2-09
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Dec 2017 21:11:01 -0000
Hi, Please find the shepherd write-up [1] for draft-ietf-curdle-ssh-kex-sha2 [2] as well as my comments regarding the current version below: Unless some raises any concerns, the draft will be sent to the IESG as soon as the current version is updated. Yours, Daniel [1] https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-kex-sha2/shepherdwriteup/ [2] https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-09 section 1 maybe the sentence below should be removed. [TO BE REMOVED: Please send comments on this draft to curdle@ietf.org.] reference I-D.ietf-curdle-ssh-modp-dh-sha2 is now rfc8268, so references should be updated and moved from informational to normative. section 3.1 Curve25519 and SHA-256 may point to references such as RFC8031 RFC6234. It might be also good to have a reference to the code point curves25519-sha256 with draft-ietf-curdle-ssh-curves. section 3.2 Curve448 and curve448-256 may also point to references RFC8031 and draft-ietf-curdle-ssh-curves section 3.3 I think the sentence below repeats itself and should be changed: "" It is recommended that these key exchange groups NOT be used. This key exchange SHOULD NOT be used. """ section 3.5 diffiehellman-group1-sha1 should be referenced by RFC4253 section 3.6 - 3.11 The code points should refer to rfc8268. section 3.7 It is surprising DH is defined so deep in the document ;-) section 3.12 -3.14 The code points should should refer rfc5656 section 3.15 - 3.17 The code points should refer rfc4462 section 3.18 - 3.27 The code points should refer draft-ietf-curdle-gss-keyex-sha2 section 3.28 - 3.29 The code points should mention rfc 4432 In section 3.29 I think that more text should be added to justify the MAY. rsa2048-sha256 matches all reasons rsa1024-sha1 's status is MUST NOT. section 4 ""Of course, use of SHA384""" may be """Of course, the use of SHA384""" I might be wrong as well. section 5 new-modp should be replaced by rfc8268 section 8 rsa1024-sha1 is the only code point to be updated by IANA in that case, it may be easier to mention it rather than referring to the table. The nits provides the following output. idnits 2.15.00 tmp/draft-ietf-curdle-ssh-kex-sha2-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- (Using the creation date from RFC4250, updated by this document, for RFC5378 checks: 2005-03-16) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (July 30, 2017) is 142 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-03) exists of draft-ietf-curdle-gss-keyex-sha2-02 == Outdated reference: A later version (-06) exists of draft-ietf-curdle-ssh-curves-05 == Outdated reference: draft-ietf-curdle-ssh-dh-group-exchange has been published as RFC 8270 == Outdated reference: draft-ietf-curdle-ssh-modp-dh-sha2 has been published as RFC 8268 Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above.
- [Curdle] comments on draft-ietf-curdle-ssh-kex-sh… Daniel Migault
- Re: [Curdle] comments on draft-ietf-curdle-ssh-ke… Mark Baushke