Re: [Gen-art] Genart last call review of draft-ietf-curdle-ssh-curves-09
"Mark D. Baushke" <mdb@juniper.net> Mon, 26 August 2019 18:23 UTC
Return-Path: <mdb@juniper.net>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B9CA120C3E; Mon, 26 Aug 2019 11:23:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aAXEIp_NER8y; Mon, 26 Aug 2019 11:23:28 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66602120B7C; Mon, 26 Aug 2019 11:23:28 -0700 (PDT)
Received: from pps.filterd (m0108159.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x7QIDteP021073; Mon, 26 Aug 2019 11:23:22 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-transfer-encoding : date : message-id; s=PPS1017; bh=K4JS3xbeHAnz53YSslIkTPGqv9EqtUt3p00064iznVk=; b=kGsCuYSiOYcbTgtRv/SRmXaKzkWk+XcIWKfO5PrIYfZqJ/NWbtDdTc+0Evw+DoSRhoNy 7MfferS3YqqWGXZ1UI9sgngdFd5n0kbQidCu8WYhFaF0IYBm1NkuAuQLjGNCdvONa59p RNwcKTpzrKYzp/O63M59iXA9J8WhsQHL5vUmmqOxFbyaa3AxywH7UwZXDg2pD7TZLtS7 crJtfyfIV+09vqGBHg0127Kk2bbj14gmBkamR8q7rMpCJrpzlrlVoksc9nxRLkZWRpO8 VGN7VzkHJUkBPz5SWWEBXD/Ojm8lPKM9piWDK5lavCeGsLTbiJisgVYtqLL5L6/7IuS2 5w==
Received: from nam03-co1-obe.outbound.protection.outlook.com (mail-co1nam03lp2053.outbound.protection.outlook.com [104.47.40.53]) by mx0a-00273201.pphosted.com with ESMTP id 2ukne1j6k2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 26 Aug 2019 11:23:22 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fpqGpYnlV3NQ1rZH0RiEGzPFunMaP3Ze3ibfKMmefdkS1HTjIpN0G+yAxWAUq/V6f9eTezugR/sgDJKhym8uj/XH4J2mloj1dYVZcAqaM5fs9maiUIBJUDaybdUPl9rABzfyMZC/vVVsLfIUu5aLhf9MxQAbkxcfDShlnE2iTYMplnAxOlusadfT2I4sbYBaNDWvcEXqnL0JWf9/jjXysvaLUNMaBw3zIbUwwb2Zt/zma4ftQzL36nsFSfzJstlzg2Uc1EY9+gMyjSuyUja6cixlgLEmXIRgHTmPqCvmuSzGWZuIPMcl/6LSryPmsNt7wJEOclwNTQAPUx6YVW6Mjg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K4JS3xbeHAnz53YSslIkTPGqv9EqtUt3p00064iznVk=; b=TXhYrxxbuYvNiw/yWAEHMvEcnJl95WSn62KUpvE5VPg8pgmcay3j3Zp0zxdlc1A4xCEu54ewy4gOoI5c+I0SvXBjRMKToVLJlahUS8EOVmG9vvdqmvHjLOjHl/SarwINMDrkLPR9S9zy3d4sEyPJY2SzTr+5QJf4N29rn20VnVI8O62V+BGA1thnpTyn6OTG04oq2n8Q1xeemaJSagYZ+vVvHH4hDfn0dfQTjpCWbwa91XqRZEBrSE6cS4u9ntpgO6Rr1dnhKBMJELTc/prZoGeklT5aKk4NKQ/PzoN4+Huwgb18Yo/L/p2YlUc9XQOk+QiVNOI0ZIeDq+AFkEQqPg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 66.129.239.12) smtp.rcpttodomain=ietf.org smtp.mailfrom=juniper.net; dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=juniper.net; dkim=none (message not signed); arc=none
Received: from CO2PR05CA0100.namprd05.prod.outlook.com (2603:10b6:104:1::26) by BN7PR05MB4482.namprd05.prod.outlook.com (2603:10b6:406:ff::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2220.15; Mon, 26 Aug 2019 18:23:20 +0000
Received: from CO1NAM05FT041.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e50::205) by CO2PR05CA0100.outlook.office365.com (2603:10b6:104:1::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2220.11 via Frontend Transport; Mon, 26 Aug 2019 18:23:20 +0000
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from P-EXFEND-EQX-01.jnpr.net (66.129.239.12) by CO1NAM05FT041.mail.protection.outlook.com (10.152.96.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2220.7 via Frontend Transport; Mon, 26 Aug 2019 18:23:19 +0000
Received: from P-EXBEND-EQX-03.jnpr.net (10.104.8.56) by P-EXFEND-EQX-01.jnpr.net (10.104.8.54) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Mon, 26 Aug 2019 11:23:19 -0700
Received: from P-EXBEND-EQX-02.jnpr.net (10.104.8.53) by P-EXBEND-EQX-03.jnpr.net (10.104.8.56) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Mon, 26 Aug 2019 11:23:18 -0700
Received: from p-mailhub01.juniper.net (10.104.20.6) by P-EXBEND-EQX-02.jnpr.net (10.104.8.53) with Microsoft SMTP Server (TLS) id 15.0.1367.3 via Frontend Transport; Mon, 26 Aug 2019 11:23:18 -0700
Received: from contrail-ubm16-mdb.svec1.juniper.net ([10.163.18.199]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id x7QINGii018589; Mon, 26 Aug 2019 11:23:17 -0700 (envelope-from mdb@juniper.net)
To: Christer Holmberg <christer.holmberg@ericsson.com>
CC: "gen-art@ietf.org" <gen-art@ietf.org>, "curdle@ietf.org" <curdle@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-curdle-ssh-curves.all@ietf.org" <draft-ietf-curdle-ssh-curves.all@ietf.org>
In-Reply-To: <VI1PR07MB31676329164CD78688C193E393A10@VI1PR07MB3167.eurprd07.prod.outlook.com>
References: <156647523885.14827.16394888562228822662@ietfa.amsl.com>, <19556.1566836922@contrail-ubm16-mdb.svec1.juniper.net> <VI1PR07MB31676329164CD78688C193E393A10@VI1PR07MB3167.eurprd07.prod.outlook.com>
Comments: In-reply-to: Christer Holmberg <christer.holmberg@ericsson.com> message dated "Mon, 26 Aug 2019 17:37:16 -0000."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Office)
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
X-Face: #8D_6URD2G%vC.hzU<dI&#Y9szHj$'mGtUq&d=rXy^L$-=G_-LmZ^5!Fszk:yXZp$k\nTF? 8Up0!v/%1Q[(d?ES0mQW8dRCXi18gK)luJu)loHk, }4{Vi`yX?p?crF5o:LL{6#eiO:(E:YMxLXULB k|'a*EjN.B&L+[J!PhJ*aX0n:5/
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 26 Aug 2019 11:23:16 -0700
Message-ID: <22345.1566843796@contrail-ubm16-mdb.svec1.juniper.net>
X-EXCLAIMER-MD-CONFIG: e3cb0ff2-54e7-4646-8a04-0dae4ac7b136
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.12; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(4636009)(396003)(376002)(136003)(346002)(39860400002)(2980300002)(189003)(199004)(23676004)(86362001)(2906002)(117636001)(14444005)(5660300002)(50466002)(47776003)(478600001)(76176011)(70586007)(7696005)(2486003)(229853002)(53936002)(70206006)(54906003)(316002)(356004)(97876018)(8746002)(336012)(8936002)(6246003)(486006)(476003)(126002)(446003)(11346002)(426003)(81166006)(81156014)(8676002)(6916009)(50226002)(186003)(305945005)(26005)(4326008)(62816006); DIR:OUT; SFP:1102; SCL:1; SRVR:BN7PR05MB4482; H:P-EXFEND-EQX-01.jnpr.net; FPR:; SPF:SoftFail; LANG:en; PTR:InfoDomainNonexistent; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 3ac260cf-9d02-4b6b-9401-08d72a5278c4
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(4710121)(4711137)(1401327)(4618075)(2017052603328); SRVR:BN7PR05MB4482;
X-MS-TrafficTypeDiagnostic: BN7PR05MB4482:
X-Microsoft-Antispam-PRVS: <BN7PR05MB448209E956B38585B470DAE2BFA10@BN7PR05MB4482.namprd05.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-Forefront-PRVS: 01415BB535
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: A4ZhY8odA0lEwF9Iu0K1Xh7Ds5EZ6JzZldjzGgSP7QR7hBlrbNhmkP5BgkuGUyF9lOIOVNcOhemDQ5qLLMQjCjSgu5osAZS6QWuZSK3CcV4GRNQWxEy+oMH3cA7dQmkIoWBR2VyanVDRAGfbXehnXGkWNjnXGYWtbM5RHiP+q0vPgjQk/5L5UF66hU3N9dQKJZO7h4zNobBs3ToMe6/djb6hyz5jrGQZCeH7TTo72wBI/w5oSAgK55069s8VNJit4tfanG8QXX9n1sT/S41yWf5o3eBTV6LVv3QZYOymyyzERCeqH5hRDMRJlj4PD/sdbilTVk1jsnSkb3U3Bo2AaDD5JZK/raQKXoVZHUGmlZqopsKNT0VV7ikfgSoAkwWLjbZ0/t7q5Ph/wtdKHI1MP5qpIdVZicS/6QmpMeyQv4k=
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Aug 2019 18:23:19.6256 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 3ac260cf-9d02-4b6b-9401-08d72a5278c4
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12]; Helo=[P-EXFEND-EQX-01.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR05MB4482
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-08-26_08:2019-08-26,2019-08-26 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 adultscore=0 mlxlogscore=999 malwarescore=0 bulkscore=0 suspectscore=0 impostorscore=0 phishscore=0 spamscore=0 mlxscore=0 lowpriorityscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1906280000 definitions=main-1908260177
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/lBuMhhaEN1fA1do2x4MHqhPh1GA>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-curdle-ssh-curves-09
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Aug 2019 18:23:30 -0000
Christer Holmberg <christer.holmberg@ericsson.com> writes: > Hi Mark, > > Please see inline. I have removed the comments where your suggested > solution is fine and I have nothing further to say. I have done likewise. > Section 1: > ----------- > > Q1_1: > ...elided... > > RFC5656 covers three specific constructions: > > > > a) Elliptic Curve Diffie-Hellman (ECDH),> > > b) Elliptic Curve Menezes-Qu-Vanstone (ECMQV) key agreement, and > > c) Elliptic Curve Digital Signature Algorithm (ECDSA). > > > > This draft does not cover the use of a digital signature algoirthm > > or apply the Curve25519 or Curve448 constructions to the use of > > ECMQV and focuses entirely on ECDH key exchange extensions for a > > different construction of elliptic curves. > > Would it be good to indicate that in a note? Possibly. I could add this as the final sentence to the first paragraph of the introduction: Other parts of <xref target="RFC5656"/>, such as Elliptic Curve Menezes-Qu-Vanstone (ECMQV) key agreement, and Elliptic Curve Digital Signature Algorithm (ECDSA) are not considered in this document. ...elided... > > It seems a bit detailed to me for an introduction. Let me know if > > you have any suggestions on a revision. > > I think the text looks good, and it is for sure a good clarification > for a non-security person like myself :) Okay, I will keep at as revised with the only other question being the addition of the sentence noted previously. ...elided... > Personally I would use "describe", but my main issue is being > consistent - no matter what word is used :) I will retain the 'This document defines...' text. I believe that there is a difference between defines and describes. The former is normative text and the latter is more informative. > > --- > > Q1_5: > > >> The text says: > >> > >> > >> “This document provide Curve25519 as the preferred choice, but > >> suggests that the fall back option Curve448 is implemented to provide > >> an hedge against unforeseen analytical advances against Curve25519 > >> and SHA-256.” > >> > >> - Is the only reason why one should implement Curve448 that something > >> MAY happen to Curve25519 in the future? > > > >No, the Curve448 also has a stronger cryptographic security strength. If > >it becomes a requirement to use a minimum of 128 bits of security > >strength, then Curve25519 may be rejected by some and thus the need to > > provide for something stronger. > > Wouldn't it be enough to say that, instead of talking about unforeseen > analytical advances etc? I noted that the sec-dir reviewer had some > comments on that too. > > Please see below for suggested modified text. > > > Let me know if you which to have me remove the entire paragraph or not. > > I think you could keep the paragraph, but instead say something like: > > “This document provide Curve25519 as the preferred choice, but > suggests that the Curve448 is implemented in order to provide > 128 bits of security strength, should that become a requirement. > > At the time of writing this specification high-quality free > implementations of Curve25519 had been in deployed use for > several years, while Curve448 implementations were slowly > appearing, so it was accepted that adoption of Curve448 > would be slower." > > > Should I upload my updated draft-ietf-curdle-ssh-curves-10.xml or > > do you have additional suggestions? I have adopted your two paragraphs to replace the one paragraph that was previously present. > I haven't seen the update draft yet, but if you are ok with my > suggestions you can go ahead to upload. If you are not ok with my > suggestions, then let me know :) Only one questions remains as the last sentence of the first paragarph of the introduction. -- Mark
- [Gen-art] Genart last call review of draft-ietf-c… Christer Holmberg via Datatracker
- Re: [Gen-art] Genart last call review of draft-ie… Mark D. Baushke
- Re: [Gen-art] Genart last call review of draft-ie… Christer Holmberg
- Re: [Gen-art] Genart last call review of draft-ie… Mark D. Baushke
- Re: [Gen-art] Genart last call review of draft-ie… Christer Holmberg
- Re: [Gen-art] Genart last call review of draft-ie… Mark D. Baushke
- Re: [Gen-art] Genart last call review of draft-ie… Christer Holmberg
- Re: [Gen-art] Genart last call review of draft-ie… Alissa Cooper