[Gen-art] Re: Gen art review: draft-maino-fcsp-02.txt (resend)
Elwyn Davies <elwynd@dial.pipex.com> Wed, 28 September 2005 16:50 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKf8P-0004qf-Pp; Wed, 28 Sep 2005 12:50:21 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKf8O-0004nF-Al for gen-art@megatron.ietf.org; Wed, 28 Sep 2005 12:50:20 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA19454 for <gen-art@ietf.org>; Wed, 28 Sep 2005 12:50:17 -0400 (EDT)
Received: from a.painless.aaisp.net.uk ([81.187.81.51] helo=smtp.aaisp.net.uk) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EKfFl-0002HQ-0s for gen-art@ietf.org; Wed, 28 Sep 2005 12:58:04 -0400
Received: from [81.187.254.247] (helo=[127.0.0.1]) by smtp.aaisp.net.uk with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43) id 1EKf7p-0003ue-1L; Wed, 28 Sep 2005 17:49:45 +0100
Message-ID: <433AC9FD.8070000@dial.pipex.com>
Date: Wed, 28 Sep 2005 17:51:09 +0100
From: Elwyn Davies <elwynd@dial.pipex.com>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Black_David@emc.com
References: <F222151D3323874393F83102D614E0557A6EC0@CORPUSMX20A.corp.emc.com>
In-Reply-To: <F222151D3323874393F83102D614E0557A6EC0@CORPUSMX20A.corp.emc.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 1.3 (+)
X-Scan-Signature: 0e9ebc0cbd700a87c0637ad0e2c91610
Content-Transfer-Encoding: 7bit
Cc: fmaino@cisco.com, gen-art@ietf.org, housley@vigilsec.com
Subject: [Gen-art] Re: Gen art review: draft-maino-fcsp-02.txt (resend)
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org
Resending as David said he got an empty message. Regards, Elwyn ==================================== Hi, David. In this case, the review *really* was my pleasure! It wasn't totally obvious that FC-SP is going to specify the list of current algorithms. A comment added to each of 4.1 and 4.2 to the effect that 'The recommended and required algorithms are specified in [FC-SP], and [FC-SP] allows for additional future transforms to be standardized and used.' would certainly cover my concerns. The ESP draft/RFC ref (the old one if you are in a hurry I guess) is a nice to have. In 4.2 s/defined/defined initially/. I guess Russ could get RFC Editor instructions for the changes to keep things moving along. Regards, Elwyn Black_David@emc.com wrote: >Elwyn, > >Thanks for the review. I don't think any significant changes are >needed: > > > >>s4.1, last para: It might be good to cite >>RFC2402RFC2406/draft-ietf-ipsec-esp-ah-algorithms-02.txt to cover all >>the 'standard' algorithms rather than one specific algorithm >>(RFC3602). >> >> > >Not exactly. RFC 3602 is correctly cited as an example in a sentence >saying that all algorithms for ESP are applicable. It would be wrong >to cite anything related to AH, as there will be no support for any form >of AH in Fibre Channel. A reference to the ESP RFC would be reasonable >to add. > >The recommended and required algorithms for ESP in FC will be specified >in the FC-SP standard, and a number of existing IPsec algorithms are >likely to be required. OTOH, it would be wrong to reference even the >ESP portion of the algorithms draft, as the FC algorithm requirements >are likely to be different (e.g., FC has a strong interest in AES-GCM). > > > >>s4.2, last para: Nothing is said here about alternative future integrity >>algorithms. Given recent discussion about attacks on MD5 and SHA1, and >>general views about the need for security algorithms to be replaceable >>limiting integrity protection to just two current algorithms is not a >>good idea. >> >> > >The "attacks on MD5 and SHA1" do not work on the keyed HMAC-based >integrity algorithms used here. The integrity algorithms are replaceable, >as the SAID functions similarly to an IPsec SPI in selecting the algorithms >to apply and I could see adding a sentence to say that. In fact one of >the reasons for having IANA allocate values for these algorithms is >to make it easier to replace them, and I could see adding a sentence >to say that. > >The suggested reclassifications of references are reasonable, although >the IANA allocations that result from this draft becoming an RFC are >necessary to complete the FC-SP standard. > >The editorial suggestions can be handled between the RFC Editor and >Authors 48 hours. > >Thanks, >--David >---------------------------------------------------- >David L. Black, Senior Technologist >EMC Corporation, 176 South St., Hopkinton, MA 01748 >+1 (508) 293-7953 FAX: +1 (508) 293-7786 >black_david@emc.com Mobile: +1 (978) 394-7754 >---------------------------------------------------- > > >>-----Original Message----- >>From: Elwyn Davies [mailto:elwynd@dial.pipex.com] >>Sent: Tuesday, September 27, 2005 4:29 AM >>To: gen-art@ietf.org; Mary Barnes; Russ Hously; >>fmaino@cisco.com; Black, David >>Subject: Gen art review: draft-maino-fcsp-02.txt >> >>Background for those on the CC list, who may be unaware of GenART: >>GenART is the Area Review Team for the General Area of the IETF. We >>advise the General Area Director (i.e. the IETF/IESG chair) by providing >>more in depth reviews than he could do himself of documents that come up >>for final decision in IESG telechat. I was selected as the GenART >>member to review this document. Below is my review, which was written >>specifically with an eye to the GenART process, but since I believe that >>it will be useful to have these comments more widely distributed, others >>outside the GenART group are being copied. >> >>Document: draft-maino-fcsp-02.txt >>Intended Status: Informational (individual submission via AD) >>Shepherding AD: Russ Housley >>Review Trigger: IESG Telechat 29/9/05 >> >>Summary: >>An excellent document IMO - easy to read and with excellent balance >>between motivation, explanation and technical detail! Kudos to the >>authors. Given this document is informing the IETF about what Fibre >>Channel is doing, there is no obligation to fix up the couple of issues >>relating to extensibility/future proofing but given IETF experience, it >>might be appropriate to consider remedying them. There are also some >>editorial nits. >> >>Review: >>Generally an excellent document. Given recent IETF experience and the >>general degradation over time of the value of security algorithms, I >>think it would be appropriate to provide very explicitly for algorithm >>replacement, especially as regards the integrity algrithms which are (as >>I read the document) currently fixed. The first two issues give the >>details: >> >>s4.1, last para: It might be good to cite >>RFC2402RFC2406/draft-ietf-ipsec-esp-ah-algorithms-02.txt to cover all >>the 'standard' algorithms rather than one specific algorithm (RFC3602). >>Also it would probably be good to make it crystal clear that any future >>transforms that might be invented to go with ESP would be available for >>use for Fibre Channel. >> >>s4.2, last para: Nothing is said here about alternative future integrity >>algorithms. Given recent discussion about attacks on MD5 and SHA1, and >>general views about the need for security algorithms to be replaceable >>limiting integrity protection to just two current algorithms is not a >>good idea. >> >>s8.1: I would consider refs FC-FS, FC-GS and FC-SP as normative. >> >>s8.2: I think RFCs 2625, 3643 and 3821 are informative as the various >>payloads are not IP encapsulated. >> >>Editorial nits: >>s4, para 3: s/Preambol/Preamble/ >> >>s4, last para: s/Security Association for/Security Associations for/ >> >>s4.1: Fields are 'normalized before computation': presumably this is >>clear to somebody skilled in the Fibre Channel arts but a ref to the >>appropriate piece of specification or an inline description >>would help >>for the unenlightened. >> >>s4.1, Figure 1: Technically the 'Auth' coverage should be 'Integrity' >>coverage (and this would match with the corresponding figure in >>draft-ietf-ipsec-esp-v3-10.txt). >> >> s5.2, para 2: s/protocol ID/protocol IDs/ >> >>s5.4, para 5 (next to last): s/he function/the function/ >> >>s5.4, last para: s/Associaton/Association/ >> >>s6, para 2: s/then there are no theoretical limitations/so that there >>are no a priori limitations/ (the previous phrase gives the >>theoretical >>limit of 4GB!) >> >>s8.2: Should be entitled Normative References >> >> >> _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen art review: draft-maino-fcsp-02.txt Elwyn Davies
- [Gen-art] RE: Gen art review: draft-maino-fcsp-02… Black_David
- [Gen-art] Re: Gen art review: draft-maino-fcsp-02… Elwyn Davies
- [Gen-art] Re: Gen art review: draft-maino-fcsp-02… Elwyn Davies