[Gen-art] Gen art review: draft-maino-fcsp-02.txt

Elwyn Davies <elwynd@dial.pipex.com> Tue, 27 September 2005 08:27 UTC

Date: Tue, 27 Sep 2005 09:28:43 +0100
From: Elwyn Davies <elwynd@dial.pipex.com>
To: gen-art@ietf.org, Mary Barnes <mary.barnes@nortel.com>, Russ Hously <housley@vigilsec.com>, fmaino@cisco.com, black_david@emc.com
Subject: [Gen-art] Gen art review: draft-maino-fcsp-02.txt

Background for those on the CC list, who may be unaware of GenART:
GenART is the Area Review Team for the General Area of the IETF.  We
advise the General Area Director (i.e. the IETF/IESG chair) by providing
more in-depth reviews than he could do himself of documents that come up
for final decision in IESG telechat.  I was selected as the GenART
member to review this document.  Below is my review, which was written
specifically with an eye to the GenART process, but since I believe that
it will be useful to have these comments more widely distributed, others
outside the GenART group are being copied.

Document: draft-maino-fcsp-02.txt
Intended Status: Informational (individual submission via AD)
Shepherding AD: Russ Housley
Review Trigger: IESG Telechat 29/9/05

Summary:
An excellent document IMO - easy to read and with excellent balance 
between motivation, explanation and technical detail! Kudos to the 
authors.  Given this document is informing the IETF about what Fibre 
Channel is doing, there is no obligation to fix up the couple of issues 
relating to extensibility/future proofing but given IETF experience, it 
might be appropriate to consider remedying them.  There are also some 
editorial nits.

Review:
Generally an excellent document.  Given recent IETF experience and the 
general degradation over time of the value of security algorithms, I 
think it would be appropriate to provide very explicitly for algorithm 
replacement, especially as regards the integrity algorithms which are (as 
I read the document) currently fixed.  The first two issues give the 
details:

s4.1, last para: It might be good to cite 
RFC2402/RFC2406/draft-ietf-ipsec-esp-ah-algorithms-02.txt to cover all 
the 'standard' algorithms rather than one specific algorithm (RFC3602).  
Also it would probably be good to make it crystal clear that any future 
transforms that might be invented to go with ESP would be available for 
use for Fibre Channel.

s4.2, last para: Nothing is said here about alternative future integrity 
algorithms.  Given recent discussion about attacks on MD5 and SHA1, and 
general views about the need for security algorithms to be replaceable 
replaceable, limiting integrity protection to just two current algorithms is not a 
good idea.

s8.1: I would consider refs FC-FS, FC-GS and FC-SP as normative.

s8.2: I think RFCs 2625, 3643 and 3821 are informative as the various 
payloads are not IP encapsulated.

Editorial nits:
s4, para 3: s/Preambol/Preamble/

s4, last para: s/Security Association for/Security Associations for/

s4.1: Fields are 'normalized before computation': presumably this is 
clear to somebody skilled in the Fibre Channel arts but a ref to the 
appropriate piece of specification or an inline description would help 
for the unenlightened.

s4.1, Figure 1: Technically the 'Auth' coverage should be 'Integrity' 
coverage (and this would match with the corresponding figure in 
draft-ietf-ipsec-esp-v3-10.txt).

s5.2, para 2: s/protocol ID/protocol IDs/

s5.4, para 5 (next to last): s/he function/the function/

s5.4, last para: s/Associaton/Association/

s6, para 2: s/then there are no theoretical limitations/so that there 
are no a priori limitations/ (the previous phrase gives the theoretical 
limit of 4GB!)

s8.2: Should be entitled Normative References
