Re: [Curdle] Éric Vyncke's Discuss on draft-ietf-curdle-ssh-curves-10: (with DISCUSS and COMMENT)
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Wed, 04 September 2019 16:47 UTC
Return-Path: <evyncke@cisco.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95ADD120A1E; Wed, 4 Sep 2019 09:47:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=QxVU7voU; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=djKufBr3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NAbRTzbqIp3X; Wed, 4 Sep 2019 09:47:15 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC5541209EA; Wed, 4 Sep 2019 09:47:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6172; q=dns/txt; s=iport; t=1567615634; x=1568825234; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=oz5URb9iFOGB9cKziWsjr3LeMqWJNN7A5j4PezV7grA=; b=QxVU7voUGhOV5zEwXyqdAYDx2xWTd3Ll9kv+oSi9pne8CvfYSaC7nJaa ANIdGFgTh5o+RZseJ0gIrzE7sDOpqTiErICVwHX/TBPIzd07VSQ2N9ESc 3bQ1/jiJdU+DpA82mYzPh4f0TlcVIEyv+F7JDsdrSSxm2W4bgiFY8xzfT s=;
IronPort-PHdr: 9a23:Dts49BWOVPF9Wvb4NWAPQuQKz6TV8LGuZFwc94YnhrRSc6+q45XlOgnF6O5wiEPSA92J8OpK3uzRta2oGXcN55qMqjgjSNRNTFdE7KdehAk8GIiAAEz/IuTtank3AtVEX1xo13q6KkNSXs35Yg6arw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CTBQBL6m9d/5ldJa1mHAEBAQQBAQcEAQGBZ4FFUANtViAECyqEIYNHA4p0glyXbIFCgRADVAkBAQEMAQEjCgIBAYQ/AheCGyM4EwIDCAEBBAEBAQIBBgRthS4MhUsBAQECARIREQwBASQFDgEPAgEIGgImAgICMBUFCwIEDgUigwABgWoDDg8BAgyffQKBOIhhc4EygnwBAQWBRkGDDRiCFgMGgQwoilqBHhiBQD+BEScfgXxQPoJhAgMBgSoBEgEHGBeCdDKCJoxTgiszjhIdjkgKgh+Gdolzg3gbgjSHNoQegg+IVI0liEuQVgIEAgQFAg4BAQWBZyFncXAVZQGCQYJCDBcVgzqFFIU/c4EpjA2CRQEB
X-IronPort-AV: E=Sophos;i="5.64,467,1559520000"; d="scan'208";a="319833964"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 04 Sep 2019 16:47:13 +0000
Received: from XCH-ALN-011.cisco.com (xch-aln-011.cisco.com [173.36.7.21]) by rcdn-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x84GlDkv011437 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 4 Sep 2019 16:47:13 GMT
Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-ALN-011.cisco.com (173.36.7.21) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 4 Sep 2019 11:47:13 -0500
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 4 Sep 2019 11:47:12 -0500
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 4 Sep 2019 11:47:12 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=O2f4/sJP69HHBRxU2rB/rZADeIsAWo+lykKv0IEhLzGS76aEaxrroMBF83C1j3tngO4rKjKS75xcJCgJoiVf3fmKtfkykqdY59BG1UERatSvSacecF9RbHYCS8R+pwNrBfTCF5KUxaVLQbLopFJaw+PZ75oqwJCPlw7UdT+14Bk6Ml9uN+CrnLdKGPdn9Xvfe0YEDmDGer7FgDCJxBslfZVGQ6zcVk8+Y7608AO2miewqX2mV6UqWZb+sthqvdnI0HTp8WxkmPUhJGzxhI/wwvXTqxUQ159ay56DkhorxKfLaYMdqiYLDGpJteQYOzkbLhrZmZjxhcZG1fhzlSvLeg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oz5URb9iFOGB9cKziWsjr3LeMqWJNN7A5j4PezV7grA=; b=BlEHW5EM0HOFP5tgQ/RrS/nIdbd37iD/YmckO6x9QtVuCp9N1KonhKq5NKiHlWM4KHdJVoObhnfLgLgbaZ/Rn2aSVHAeagQGh4b4Xsqypt9OFFkIArm+trx7P5CE7XRba1I5n8Wo9APwCJhCTbnH5+6AHU95EwswAZRmZbsFa+ZItyth+mpja+vN8Qkf//ab0zUkXGR5RhNa26K9FpjCtmSEXshhs+W4kgqJ7cLnc5XAsOcngI2JKCtmyauGuF0z/TJrNszbFLdFqltKG8Nvk0QFYHIk2k3J1KRnStYge33rcTbBqPgssrMo6ubAOOlmDfVAdJbLv0utl1o9OrbZrA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oz5URb9iFOGB9cKziWsjr3LeMqWJNN7A5j4PezV7grA=; b=djKufBr3uvDvmnyLRl/HJ0SndOFnIW6wtVo+HQAifuYUofwp9PBuEv9I1N0xTsmbAqonCC2MTLkDHe/E6Y4/ppdSI6zfv45fKGiHL3j56Vu2UhEFSCgw5pioapd3Yb1SWX0p/FpHutVpJ1a+a/+8hqXod6HM9RtrDDPDaHoV6lw=
Received: from MN2PR11MB4144.namprd11.prod.outlook.com (20.179.150.210) by MN2PR11MB4447.namprd11.prod.outlook.com (52.135.39.217) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2220.21; Wed, 4 Sep 2019 16:47:10 +0000
Received: from MN2PR11MB4144.namprd11.prod.outlook.com ([fe80::d5c4:be39:66cb:449b]) by MN2PR11MB4144.namprd11.prod.outlook.com ([fe80::d5c4:be39:66cb:449b%6]) with mapi id 15.20.2220.020; Wed, 4 Sep 2019 16:47:10 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "Mark D. Baushke" <mdb@juniper.net>
CC: The IESG <iesg@ietf.org>, "daniel.migault@ericsson.com" <daniel.migault@ericsson.com>, "draft-ietf-curdle-ssh-curves@ietf.org" <draft-ietf-curdle-ssh-curves@ietf.org>, "curdle-chairs@ietf.org" <curdle-chairs@ietf.org>, "curdle@ietf.org" <curdle@ietf.org>
Thread-Topic: [Curdle] Éric Vyncke's Discuss on draft-ietf-curdle-ssh-curves-10: (with DISCUSS and COMMENT)
Thread-Index: AQHVYg0/6XJrqiDOPkOyC6w5HA6qi6cb3jWA
Date: Wed, 04 Sep 2019 16:47:10 +0000
Message-ID: <D9F83D0A-A834-4C4C-B2D1-0F27BA6F7B24@cisco.com>
References: <156741598969.12899.17772144244382628268.idtracker@ietfa.amsl.com> <14394.1567483702@contrail-ubm16-mdb.svec1.juniper.net>
In-Reply-To: <14394.1567483702@contrail-ubm16-mdb.svec1.juniper.net>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1c.0.190812
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evyncke@cisco.com;
x-originating-ip: [2001:420:c0c1:36:dddd:960:a05c:9f22]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 48d88149-5e75-48ac-4aa5-08d7315787f7
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MN2PR11MB4447;
x-ms-traffictypediagnostic: MN2PR11MB4447:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <MN2PR11MB444794387B0E6D92CB42322CA9B80@MN2PR11MB4447.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6430;
x-forefront-prvs: 0150F3F97D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(366004)(346002)(136003)(376002)(396003)(189003)(199004)(316002)(25786009)(4326008)(486006)(36756003)(11346002)(256004)(446003)(1941001)(14444005)(46003)(6486002)(58126008)(6512007)(6306002)(102836004)(54906003)(2616005)(6506007)(6436002)(14454004)(476003)(6246003)(76176011)(99286004)(224303003)(478600001)(71200400001)(71190400001)(966005)(76116006)(8936002)(6916009)(66556008)(64756008)(5660300002)(66946007)(81156014)(81166006)(6116002)(7736002)(186003)(229853002)(305945005)(86362001)(2906002)(33656002)(91956017)(66476007)(66446008)(53936002); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4447; H:MN2PR11MB4144.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: KOGYRTxnarTmHDc4Uz4s8mr6bW3ZInJPPHrT9/YtDAj2c9ETG+N5PatAfqLEO7LTRdzqt7M5RWmbkLc6T9Fc3QAZHoz8BbDHq5j2xubZK/HVrt7dDHAoT9DbNZuMsa4XQZe2XxnSo2bhG06zr9Z09DCxqZVl8TmxGT7hyAcGoDD1Y0bUj55mudQPkWju7mo4QyGOtAdDEYbCYJkt8iTPDAUphMTgvkpf38p4tHc0hRR6+6Zo2uHecsMUvnkIAUEH8OCEYyjfP+9wisvVHRyfS1holF7tP+k00IRxvBbRSc8xDHu+5jbEUGp3WRyhPTP+yW2bHnRPdIRHiuzaxiYKoqwXCZQFt88ZL4Y7AjVL0Js6vf6eq+RzUc7sppNXkbeBktaDDrvG9JG2Jfbnu4q/WACoU4NRkaYv2pD5qQsTpc8=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <16B446B929BA52449E50AEE6AF4E7D6B@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 48d88149-5e75-48ac-4aa5-08d7315787f7
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2019 16:47:10.6682 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kRuy18xG68I/hiEDlUj4rdm+C0UmQHiSei8AHQ5WsDw3wfd5X8sNc7JUlrfFRnqmtqZX18Enfm2mpw9VxoEgEA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4447
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.21, xch-aln-011.cisco.com
X-Outbound-Node: rcdn-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/oe7j98iOlDYcWzRDF1vJMRzLyGQ>
Subject: Re: [Curdle] Éric Vyncke's Discuss on draft-ietf-curdle-ssh-curves-10: (with DISCUSS and COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2019 16:47:18 -0000
Thank you Mark for your reaction. I am clearing my DISCUSS -éric On 03/09/2019, 06:08, "Mark D. Baushke" <mdb@juniper.net> wrote: Hi Eric, My comments are in-line. Look for MDB: Éric Vyncke via Datatracker <noreply@ietf.org> writes: > Éric Vyncke has entered the following ballot position for > draft-ietf-curdle-ssh-curves-10: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/blog/discuss-criteria-iesg-review/ > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-curves/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Thank you for the hard work put into this document. MDB: Thank you for taking the time to review it and provide actionable comments. > Please note that I second Mirja's discuss about the 'copying' text. I understand the issue. I have no problems with removing that text, but I am not the sole author of the document and did not add it in the first place. > And, please find below an easy-to-fix DISCUSS and some COMMENTs. > > Regards, > > -éric > > == DISCUSS == > > -- Abstract -- > > For a standard track document, I find it weird to write 'conventions' rather > than specification. Easy to fix. MDB: Okay. The abstract now reads: This document describes the specification for using Curve25519 and Curve448 key exchange methods in the Secure Shell (SSH) protocol. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > == COMMENTS == > > -- Section 1 -- > " At the time of writing this specification" will look strange in a couple of > years, please state 2019. MDB: This paragraph hs been rerwritten as This document provide Curve25519 as the preferred choice, but suggests that the Curve448 is implemented to provide more than 128 bits of security strength should that become a requirement. > > -- Section 3 -- > I am not a SSH expert, but, can you add a reference to X25519 (in RFC > 7748?) if not obvious for SSH experts ? I am not sure I understand what you want changed. The text here: Key-agreement schemes "curve25519-sha256" and "curve448-sha512" perform the Diffie-Hellman protocol using the functions X25519 and X448, respectively. Implementations SHOULD compute these functions using the algorithms described in [RFC7748]. seems pretty clear to me that X25519 and X448 are described in RFC7748. Did you need to have me change '... described in [RFC7748].' to read '... described in section 5 of [RFC7748].' Or, something else? > == NITS == > > -- Section 1 -- > s/This document provide Curve25519/This document provides Curve25519/ Fixed. > s/Curve25519 has been/Curve25519 have been/ The paragraph containing that phrase has been removed from the document entirely. > From now on, I am stopping to review for nits, typos and grammar > errors. Please run a spell checker. I have used a spell checker. ther than proper names, code point names, and abbreviaions, the only the word Acknowledgements (with two e charcters) vs Acknowledgments (with one e) is flagged. The former is favored outside of the US and Canada while the latter is favored inside. As the primary co-author, Aris Adamantiadis, I have no problem using the word favored outside of the United States. If this is an issue, the IETF publishers may change the spelling. -- Mark
- [Curdle] Éric Vyncke's Discuss on draft-ietf-curd… Éric Vyncke via Datatracker
- Re: [Curdle] Éric Vyncke's Discuss on draft-ietf-… Mark D. Baushke
- Re: [Curdle] Éric Vyncke's Discuss on draft-ietf-… Eric Vyncke (evyncke)