Re: [Gen-art] Gen-Art Last Call Review: draft-burgin-ipsec-suiteb-profile-00
Alexey Melnikov <alexey.melnikov@isode.com> Mon, 04 July 2011 20:28 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F6EB21F87B5; Mon, 4 Jul 2011 13:28:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pR1OeHPpRGDD; Mon, 4 Jul 2011 13:28:15 -0700 (PDT)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by ietfa.amsl.com (Postfix) with ESMTP id 8F4C021F879E; Mon, 4 Jul 2011 13:28:14 -0700 (PDT)
Received: from [188.28.235.57] (188.28.235.57.threembb.co.uk [188.28.235.57]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <ThIiWwB=gFNj@rufus.isode.com>; Mon, 4 Jul 2011 21:28:12 +0100
Message-ID: <4E12223B.304@isode.com>
Date: Mon, 04 Jul 2011 21:27:39 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: "Burgin, Kelley W." <kwburgi@tycho.ncsc.mil>
References: <4D9C8D2A.7080605@nostrum.com> <4DFBD34B.7000900@isode.com> <D22B261D1FA3CD48B0414DF484E43D32986F8C@celebration.infosec.tycho.ncsc.mil>
In-Reply-To: <D22B261D1FA3CD48B0414DF484E43D32986F8C@celebration.infosec.tycho.ncsc.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: gen-art@ietf.org, draft-burgin-ipsec-suiteb-profile.all@tools.ietf.org, iesg@ietf.org
Subject: Re: [Gen-art] Gen-Art Last Call Review: draft-burgin-ipsec-suiteb-profile-00
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jul 2011 20:28:16 -0000
Hi Kelley, Thanks for the answers. Some followup questions/comments below. Burgin, Kelley W. wrote: >Thank you for the review. Comments inline below, noted with [kwb]. > >Kelley > >-----Original Message----- >From: Alexey Melnikov [mailto:alexey.melnikov@isode.com] >Sent: Friday, June 17, 2011 6:21 PM >To: draft-burgin-ipsec-suiteb-profile.all@tools.ietf.org >Cc: gen-art@ietf.org; iesg@ietf.org >Subject: [Gen-art] Gen-Art Last Call Review: >draft-burgin-ipsec-suiteb-profile-00 > >I am the assigned Gen-ART reviewer for this draft. For background on >Gen-ART, please see the FAQ at ><http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. > >Please resolve these comments along with any other Last Call comments >you may receive. > >Document: draft-burgin-ipsec-suiteb-profile-00 >Reviewer: Alexey Melnikov >Review Date: 17-June-2011 >IETF LC End Date: 13-July-2011 >IESG Telechat > >Summary: not ready, but issues are not difficult to address > >Major issues: > >4.3. Suite B IKEv2 Authentication > > If configured at a minimum level of security of 128 bits, a system > MUST use either ECDSA-256 or ECDSA-384 for IKE authentication. It > is allowable for one party to authenticate with ECDSA-256 and the > other party to authenticate with ECDSA-384. This flexibility will > allow interoperability between an initiator and a responder that > have different sizes of ECDSA authentication keys. > > Initiators and responders in a system configured at a minimum level > of security of 128 bits MUST be able to verify ECDSA-256 signatures > and SHOULD be able to verify ECDSA-384 signatures. > >The last SHOULD seems to mean that at the minimum level of security of >128 bits it is possible to have a situation when a responder might be unable >to verify ECDSA-384 signatures used by an initiator. > >Is this truly desirable? > >[kwb] Would we like minLOS_128 devices to be able to also support the >192 bit sure, but there might be cases where they simply can't. That's >why it's a SHOULD and not a MUST. > How are you planning to achieve interoperability if one endpoint can use a mechanism which the other end is not required to support? >5. Suite B Security Associations (SAs) for IKEv2 and IPsec > > An initiator in a system configured at a minimum level of security > of 128 bits MUST offer one or more of the four suites: > Suite-B-GCM-128, Suite-B-GMAC-128, Suite-B-GCM-256 or > Suite-B-GMAC-256 [RFC4869bis]. Suite-B-GCM-128 and > Suite-B-GMAC-128, if offered, must appear in the IKEv2 and IPsec SA > payloads before any offerings of Suite-B-GCM-256 and > Suite-B-GMAC-256. > >Does this mean that the responder needs to support all 4? >I think it does (or otherwise there is a chance of non >interoperability), >but it would be better to state that explicitly. > >[kwb] I will add "A responder configured in a system at a minimum level >of security of 128 bits MUST support Suite-B-GCM-128 and >Suite-B-GMAC-128 and SHOULD support Suite-B-GCM-256 and >Suite-B-GMAC-256." To the beginning of the following paragraph. > > This is going to have the same interop issue as above. > A responder configured in a system at a minimum level of security > of 128 bits SHOULD accept the first Suite B UI suite offered by the > >Is this a new requirement in this document, or is this repeating a >general requirement stated in another document? If the latter, a >reference is needed here, ideally accompanied by some text stating that >the requirement comes from another document. > >Similar text later in the same section. > > initiator that it can accommodate. If none of the four suites are > offered, the responder MUST return a Notify payload with the error > "NO_PROPOSAL_CHOSEN". > >[kwb] These are new, so no reference is given. > Why is this a SHOULD and not a MUST, i.e. what are the possible reasons for not selecting the first offered mechanism? >8. Additional Requirements > > Suite B IPsec compliant systems MUST support IKEv2 and MUST NOT use > IKEv1. However, to accommodate backward compatibility, a Suite B > IPsec compliant system can be configured to use IKEv1 so long as >only > IKEv2 is used between a Suite B compliant initiator and responder. > >You lost me here. Can you please explain what is the meaning of >the second sentence? > >[kwb] This means that the box can talk both IKEv1 and IKEv2 but when >they're talking in "Suite B mode" they can't use IKEv1. > I suggest you rephrase the 2 sentences to say exactly that. I found the current text to be unclear. > The administrative user interface, (UI), for a system that conforms > to this profile MUST allow the operator to specify a single suite. > If only one suite is specified in the administrative UI, the IKEv2 > implementation MUST only offer algorithms for that one suite. > >This requirement is unusual, because IETF documents rarely have >requirements on UIs. Can you please elaborate what is this trying to >achieve? > >[kwb] It is unusual, but the accompanying draft >(draft-law-rfc4869bis-01) defines Suite B User Interface suites (the >term UI is from RFC 4308) that this draft refers to so this seems like >the appropriate term. From RFC 4308: "These suites may be presented in >the administrative interface of the IPsec system." > Ok. >Minor issues: > >3. Suite B Requirements > > Curve NIST name SECG name IANA assigned DH group # > ----------------------------------------------------------------- > P-256 nistp256 secp256r1 19 > P-384 nistp384 secp384r1 20 > >This doesn't tell where to look for the IANA assigned DH group. >An Informative reference would be nice. > >[kwb] Will add "IANA has already registered these DH groups in >[IKEV2IANA]." after the table, and add to Informative References: >[IKEV2IANA] "Internet Key Exchange Version 2 (IKEv2) Parameters", ><http://www.iana.org>. > Thanks. >10. IANA Considerations > > TBD. > >I think this needs to be replaced with a statement saying that this >document doesn't require any new actions from IANA, because all >algorithm are already registered in RFCs referenced by this document. > >[kwb] Will replace "TBD" with "None." > >idnits 2.12.12 reports: > > Miscellaneous warnings: > >------------------------------------------------------------------------ >---- > > -- The document has a disclaimer for pre-RFC5378 work, but was first > submitted on or after 10 November 2008. Does it really need the > disclaimer? > >Please double check that that is intentional. > >[kwb] This is intentional since this draft uses text from documents >published before 10 November 2008. > > Thanks for checking. >Nits/editorial comments: > >7. Generating Keying Material for the IKE SA > > IKEv2, [RFC5996], allows for the reuse of Diffie-Hellman ephemeral > keys. Section 5.6.4.3 of NIST SP800-56A states that an ephemeral > private key MUST be used in exactly one key establishment > transaction and MUST be zeroized after its use. > >Is "zeroized" a correct verb? > >[kwb] The terms zeroize, zeroized, zeroizing are used in security >standards (e.g., RFCs 1319-1321, 4949). > Ok then :-).
- [Gen-art] A *new* batch of IETF LC reviews - 2011… A. Jean Mahoney
- [Gen-art] Review: draft-ietf-siprec-req-09 Joel M. Halpern
- [Gen-art] Review: draft-ietf-siprec-req-10 Joel M. Halpern
- [Gen-art] Gen-Art Last Call Review: draft-burgin-… Alexey Melnikov
- Re: [Gen-art] Gen-Art Last Call Review: draft-bur… Alexey Melnikov
- Re: [Gen-art] Gen-Art Last Call Review: draft-bur… Burgin, Kelley W.
- Re: [Gen-art] Gen-Art Last Call Review: draft-bur… Alexey Melnikov
- Re: [Gen-art] Gen-Art Last Call Review: draft-bur… Paul Hoffman
- Re: [Gen-art] Gen-Art Last Call Review: draft-bur… Alexey Melnikov
- Re: [Gen-art] Gen-Art Last Call Review: draft-bur… Alexey Melnikov