[Gen-art] gen-art review of draft-ietf-msec-mikey-rsa-r-04.txt
Scott W Brim <sbrim@cisco.com> Thu, 18 May 2006 20:53 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FgpUs-0006dl-Dv; Thu, 18 May 2006 16:53:26 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FgpUr-0006dg-Fh for gen-art@ietf.org; Thu, 18 May 2006 16:53:25 -0400
Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FgpUp-0005dD-Lc for gen-art@ietf.org; Thu, 18 May 2006 16:53:25 -0400
Received: from sj-dkim-6.cisco.com ([171.68.10.81]) by sj-iport-5.cisco.com with ESMTP; 18 May 2006 13:53:07 -0700
X-IronPort-AV: i="4.05,142,1146466800"; d="scan'208"; a="279178305:sNHT4018862272"
Received: from sj-core-3.cisco.com (sj-core-3.cisco.com [171.68.223.137]) by sj-dkim-6.cisco.com (8.12.11/8.12.11) with ESMTP id k4IKr64k007429; Thu, 18 May 2006 13:53:06 -0700
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id k4IKr5Jj001285; Thu, 18 May 2006 13:53:05 -0700 (PDT)
Received: from xfe-rtp-202.amer.cisco.com ([64.102.31.21]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 18 May 2006 16:53:05 -0400
Received: from cisco.com ([10.86.242.157]) by xfe-rtp-202.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 18 May 2006 16:53:05 -0400
Date: Thu, 18 May 2006 16:52:23 -0400
From: Scott W Brim <sbrim@cisco.com>
To: dignjatic@polycom.com, ldondeti@qualcomm.com, audet@nortel.com, linping@nortel.com, housley@vigilsec.com, hartmans-ietf@mit.edu, canetti@watson.ibm.com, msec@securemulticast.org, gen-art@ietf.org
Message-ID: <20060518205223.GA4520@sbrim-wxp01>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-OriginalArrivalTime: 18 May 2006 20:53:05.0149 (UTC) FILETIME=[0F584AD0:01C67ABD]
DKIM-Signature: a=rsa-sha1; q=dns; l=4292; t=1147985586; x=1148849586; c=relaxed/simple; s=sjdkim6001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=sbrim@cisco.com; z=From:Scott=20W=20Brim=20<sbrim@cisco.com> |Subject:gen-art=20review=20of=20draft-ietf-msec-mikey-rsa-r-04.txt; X=v=3Dcisco.com=3B=20h=3DjRbCEx+5O6V/BPEPzXtwVzCfwqs=3D; b=sRRoCQ/zVI+8mnzEsihNFdfYaO6oq0NVIAaOl2U2ap9elpf9aEVcKDDEssILOAXApMsfRw2D 8qI5sJBk4ZXiWFRerrJogUiTFYQS4Q/KM799V1piyuvA8HuJRvKLiKmj;
Authentication-Results: sj-dkim-6.cisco.com; header.From=sbrim@cisco.com; dkim=pass ( sig from cisco.com verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6e922792024732fb1bb6f346e63517e4
Cc:
Subject: [Gen-art] gen-art review of draft-ietf-msec-mikey-rsa-r-04.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org
I am the assigned Gen-ART reviewer for
draft-ietf-msec-mikey-rsa-r-04.txt.
For background on Gen-ART, please see the FAQ at
<http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html>.
Please resolve these comments along with any other
Last Call comments you may receive.
This draft is basically ready for publication, but has nits that
should be fixed before publication.
Here is my review:
Just before I went through this draft we had been having a discussion
of SHOULD, MUST, etc., and thus I was more aware than usual of their
usage. I found several uses of SHOULD which I believe should be
improved, to make the document clearer for implementors.
RFC2119 says
3. SHOULD This word, or the adjective "RECOMMENDED", mean that
there may exist valid reasons in particular circumstances
to ignore a particular item, but the full implications must
be understood and carefully weighed before choosing a
different course.
To help implementors "understand and carefully weigh" their decision,
SHOULDs actually require more supporting text than MUSTs.
The draft says:
The RAND payload SHOULD be included in the I_MESSAGE when
MIKEY-RSA-R mode is used for unicast communication. It SHOULD be
omitted when this mode is used to establish group keys. The reason
for the inclusion of the RAND payload in unicast scenarios is to
allow for the Initiator to contribute entropy to the key derivation
process (in addition to the CSB_ID).
There are two SHOULDs here. For the first one, under what conditions
would a Initiator not contribute entropy? Should this SHOULD be a
MAY? A MUST? If it should be a SHOULD, please explain the
exceptions.
For the second one ("SHOULD be omitted"), are there any conditions
under which it might be legitimate to include the RAND payload for
group keys? If so those conditions should be listed. If not, it
should be a MUST.
There is some discussion down in 5.1 but it doesn't seem to answer
these questions. If 5.1 is meant to do so, then please put more
explicit information there and have these SHOULDs refer to it.
Similarly, if I could find the exceptions in rfc3830 somewhere, could
you give a more specific reference to where?
(One also wonders about the threat model where more entropy is needed
for unicast keys than group keys.)
Here is a related SHOULD issue:
o If a RAND payload is present in the I_MESSAGE, both sides use
that RAND payload as the RAND value in the MIKEY key
computation. In case of multicast, if a RAND payload is present
in the I_MESSAGE, the Responder SHOULD ignore the payload. In
any case, the R_MESSAGE for multicast communication MUST contain
a RAND payload and that RAND payload is used for key
computation.
So the sender should omit the RAND payload in the multicast case
stated above), and if sent, the receiver SHOULD ignore it. Under what
conditions is it appropriate for the receiver NOT to ignore it?
Should this be a MUST?
... and then two more, unrelated:
The Initiator MAY also send security policy (SP) payload(s)
containing all the security policies that it supports. If the
Responder does not support any of the policies included, it SHOULD
reply with an Error message of type "Invalid SPpar" (Error no. 10).
Under what conditions would the Responder not reply with that error
message? Is this a MAY?
When used in group scenarios with bi-directional media, the
Responder SHOULD include two TGKs or TEKs in the KEMAC payload.
The first TGK or TEK SHOULD be used for receiving media on the
Initiator's side and the second one to encrypt/authenticate media
originating on the Initiator's side. This allows all the multicast
traffic to be encrypted/authenticated by the same group key, while
keys used for unicast streams from all the group members can still
be independent.
Again ... when is it appropriate not to include two TGKs or TEKs?
When is it appropriate for the Initiator not to use the first key for
receiving and the second for sending? Should these two SHOULDs be
MUSTs? If not, please make the exceptions clear.
Thanks.
swb
_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] gen-art review of draft-ietf-msec-mikey… Scott W Brim
- [Gen-art] Re: gen-art review of draft-ietf-msec-m… Lakshminath Dondeti
- [Gen-art] Re: [MSEC] Re: gen-art review of draft-… Lakshminath Dondeti
- Re: [Gen-art] Re: [MSEC] Re: gen-art review of dr… Scott W Brim