Re: [Curdle] Roman Danyliw's No Objection on draft-ietf-curdle-gss-keyex-sha2-09: (with COMMENT)
Simo Sorce <simo@redhat.com> Mon, 01 July 2019 17:31 UTC
Return-Path: <simo@redhat.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B91C8120657; Mon, 1 Jul 2019 10:31:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xgh5mlfUotbY; Mon, 1 Jul 2019 10:31:02 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E615120401; Mon, 1 Jul 2019 10:30:55 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 92C433DE0E; Mon, 1 Jul 2019 17:30:53 +0000 (UTC)
Received: from ovpn-116-72.phx2.redhat.com (ovpn-116-72.phx2.redhat.com [10.3.116.72]) by smtp.corp.redhat.com (Postfix) with ESMTPS id ED1BD7A4C4; Mon, 1 Jul 2019 17:30:50 +0000 (UTC)
Message-ID: <f9ba688b00d55e95081668c8f46e211313966bca.camel@redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
Cc: draft-ietf-curdle-gss-keyex-sha2@ietf.org, daniel.migault@ericsson.com, curdle-chairs@ietf.org, curdle@ietf.org
Date: Mon, 01 Jul 2019 13:30:49 -0400
In-Reply-To: <156138713666.17510.11504200727464931225.idtracker@ietfa.amsl.com>
References: <156138713666.17510.11504200727464931225.idtracker@ietfa.amsl.com>
Organization: Red Hat, Inc.
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Mon, 01 Jul 2019 17:30:54 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/vUip-Mfby8QMXwgHkTZ397WMZ6A>
Subject: Re: [Curdle] Roman Danyliw's No Objection on draft-ietf-curdle-gss-keyex-sha2-09: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jul 2019 17:31:04 -0000
On Mon, 2019-06-24 at 07:38 -0700, Roman Danyliw via Datatracker wrote: > ** Section 5.1, Per “The exchange hash SHOULD be kept secret”, when should it > not be (i.e., why isn’t this a MUST?)? This is the same text that appears in both 4253 and 4462, it is a SHOULD because revealing the exchange hash may help an attacker to gain some information about the exchange but it is not in itself a problem if it happens. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc
- [Curdle] Roman Danyliw's No Objection on draft-ie… Roman Danyliw via Datatracker
- Re: [Curdle] Roman Danyliw's No Objection on draf… Hubert Kario
- Re: [Curdle] Roman Danyliw's No Objection on draf… Simo Sorce
- Re: [Curdle] Roman Danyliw's No Objection on draf… Simo Sorce