IETF Logo Mail Archive

Re: [Curdle] Warren Kumari's No Objection on draft-ietf-curdle-des-des-des-die-die-die-04: (with COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Tue, 12 September 2017 22:52 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16DAE13316E; Tue, 12 Sep 2017 15:52:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H2BfZC5j9yIG; Tue, 12 Sep 2017 15:52:21 -0700 (PDT)
Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 187B1132969; Tue, 12 Sep 2017 15:52:17 -0700 (PDT)
X-AuditID: 12074424-f97ff70000001016-94-59b8651f4668
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id 84.E3.04118.F1568B95; Tue, 12 Sep 2017 18:52:15 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id v8CMqEaK026459; Tue, 12 Sep 2017 18:52:15 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v8CMq80u006019 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 12 Sep 2017 18:52:11 -0400
Date: Tue, 12 Sep 2017 17:52:08 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Warren Kumari <warren@kumari.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-curdle-des-des-des-die-die-die@ietf.org, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs@ietf.org, curdle@ietf.org, joelja@bogus.com
Message-ID: <20170912225208.GE96685@kduck.kaduk.org>
References: <150515910592.9770.2709380152256609564.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <150515910592.9770.2709380152256609564.idtracker@ietfa.amsl.com>
User-Agent: Mutt/1.8.3 (2017-05-23)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupnleLIzCtJLcpLzFFi42IRYrdT0ZVP3RFpsG6vjcXMng3MFlsXzmK2 mDJ9D5vF064jTBYz/kxktnh1ag2jxeFjl5kc2D3OHlnA6PHr61U2jyVLfjJ53L7xhz2AJYrL JiU1J7MstUjfLoEr48KiRraCpbwVsyaeYm5gfMLVxcjJISFgInHyxSOmLkYuDiGBxUwSpxd9 YYZwNjJKPOxrYIRwrjJJTPz+gRWkhUVAVeLtp1lgNpuAikRD92VmEFsEKN64YD87SAOzwBVG icVvWthBEsIC2RLbd29hAbF5gfad33ecCcQWEvCReHN8AhtEXFDi5MwnYDXMAloSN/69BKrh ALKlJZb/4wAJcwr4SnzYeQysVVRAWWLevlVsExgFZiHpnoWkexZC9wJG5lWMsim5Vbq5iZk5 xanJusXJiXl5qUW65nq5mSV6qSmlmxjB4e6isoOxu8f7EKMAB6MSD++KO9sjhVgTy4orcw8x SnIwKYnyZivuiBTiS8pPqcxILM6ILyrNSS0+xCjBwawkwusUA5TjTUmsrEotyodJSXOwKInz ims0RggJpCeWpGanphakFsFkZTg4lCR4zyQDNQoWpaanVqRl5pQgpJk4OEGG8wANdwGp4S0u SMwtzkyHyJ9iVJQS560ASQiAJDJK8+B6QelIInt/zStGcaBXhHnFUoCqeICpDK77FdBgJqDB PJe2gAwuSURISTUwlrixe8pcPpGxhrWw4POKzhLh6WKn4m3WCizZa+5b3lIyJ3bxqmCFb3rM GZdM9O8ftew40PH4qZPpSwebp8pNEw//Yl1UVbCtmc/MnsO90P53hy6ntq6Iku77V0bdHTIn TK9lc9UbMEf8vH+xSfaL4kuZC1mJdmcX1/+JMqkJvPfvW89N5zIlluKMREMt5qLiRAD17FRy IgMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/p7bgFr_UNqT2CKZueYddqvatijg>
Subject: Re: [Curdle] Warren Kumari's No Objection on draft-ietf-curdle-des-des-des-die-die-die-04: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Sep 2017 22:52:23 -0000

Hi Warren,

On Mon, Sep 11, 2017 at 12:45:05PM -0700, Warren Kumari wrote:
> Warren Kumari has entered the following ballot position for
> draft-ietf-curdle-des-des-des-die-die-die-04: No Objection
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-curdle-des-des-des-die-die-die/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thanks to Joel for his OpsDir review.
> 
> I have a few comments / readability suggestions:
> 1: Section 5.1.  Statistical Biases
> "These attacks seem to rely on repeated encryptions of thousands of copies of
> the same plaintext; " -- for a document which deprecates rc4-hmac the "seem to
> rely on" feels very weak. I'd suggest s/seem// or "At least some of these
> attacks rely on..." or similar.

Sure, accepted.

> 2: Section 6.  3DES Weakness
> "Additionally, the 3DES encryption types were never implemented in all Kerberos
> implementations..." s/never/not/

Accepted.

> 3:  Section 6.3.  Interoperability
> "The triple-DES encryption types were implemented by MIT Kerberos
>    early in its development (ca. 1999) and present in the 1.2 release,
>    but encryption types 17 and 18 (AES) were implemented by 2003 and
>    present in the 1.3 release."
> I'm a bit confused by the "but" - should this be "and"? Otherwise it sounds
> like it it trying to contrast something.

The intent is more along the lines of "but they were superseded when",
so I'll make that change in my working copy.

Thanks for the suggestions!

-Ben

v2.23.0 | Report a Bug | By Email