[Gen-art] RE: Gen art review: draft-maino-fcsp-02.txt
Black_David@emc.com Tue, 27 September 2005 15:57 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKHpl-0004jI-Bu; Tue, 27 Sep 2005 11:57:33 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKHpk-0004j3-Dw for gen-art@megatron.ietf.org; Tue, 27 Sep 2005 11:57:32 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA22034 for <gen-art@ietf.org>; Tue, 27 Sep 2005 11:57:30 -0400 (EDT)
From: Black_David@emc.com
Received: from mailhub.lss.emc.com ([168.159.2.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EKHx1-0001U4-S9 for gen-art@ietf.org; Tue, 27 Sep 2005 12:05:04 -0400
Received: from mxic2.corp.emc.com (mxic2.corp.emc.com [128.221.12.9]) by mailhub.lss.emc.com (Switch-3.1.6/Switch-3.1.6) with ESMTP id j8RFvGi1012194; Tue, 27 Sep 2005 11:57:18 -0400 (EDT)
Received: by mxic2.corp.emc.com with Internet Mail Service (5.5.2653.19) id <RT508NQM>; Tue, 27 Sep 2005 11:57:15 -0400
Message-ID: <F222151D3323874393F83102D614E0557A6EC0@CORPUSMX20A.corp.emc.com>
To: elwynd@dial.pipex.com, gen-art@ietf.org, housley@vigilsec.com, fmaino@cisco.com
Date: Tue, 27 Sep 2005 11:57:06 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.1.0.0, Antispam-Data: 2005.9.27.16
X-PerlMx-Spam: Gauge=, SPAM=0%, Reasons='EMC_BODY_1+ -5, EMC_FROM_00+ 0, NO_REAL_NAME 0, __C230066_P3_6 0, __C230066_P5 0, __CHILD_PORN_NOT_1 0, __CT 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __IMS_MSGID 0, __IMS_MUA 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0, __STOCK_CRUFT 0'
X-Spam-Score: 1.5 (+)
X-Scan-Signature: 7da5a831c477fb6ef97f379a05fb683c
Cc: Black_David@emc.com
Subject: [Gen-art] RE: Gen art review: draft-maino-fcsp-02.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org
Elwyn, Thanks for the review. I don't think any significant changes are needed: > s4.1, last para: It might be good to cite > RFC2402RFC2406/draft-ietf-ipsec-esp-ah-algorithms-02.txt to cover all > the 'standard' algorithms rather than one specific algorithm > (RFC3602). Not exactly. RFC 3602 is correctly cited as an example in a sentence saying that all algorithms for ESP are applicable. It would be wrong to cite anything related to AH, as there will be no support for any form of AH in Fibre Channel. A reference to the ESP RFC would be reasonable to add. The recommended and required algorithms for ESP in FC will be specified in the FC-SP standard, and a number of existing IPsec algorithms are likely to be required. OTOH, it would be wrong to reference even the ESP portion of the algorithms draft, as the FC algorithm requirements are likely to be different (e.g., FC has a strong interest in AES-GCM). > s4.2, last para: Nothing is said here about alternative future integrity > algorithms. Given recent discussion about attacks on MD5 and SHA1, and > general views about the need for security algorithms to be replaceable > limiting integrity protection to just two current algorithms is not a > good idea. The "attacks on MD5 and SHA1" do not work on the keyed HMAC-based integrity algorithms used here. The integrity algorithms are replaceable, as the SAID functions similarly to an IPsec SPI in selecting the algorithms to apply and I could see adding a sentence to say that. In fact one of the reasons for having IANA allocate values for these algorithms is to make it easier to replace them, and I could see adding a sentence to say that. The suggested reclassifications of references are reasonable, although the IANA allocations that result from this draft becoming an RFC are necessary to complete the FC-SP standard. The editorial suggestions can be handled between the RFC Editor and Authors 48 hours. Thanks, --David ---------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 176 South St., Hopkinton, MA 01748 +1 (508) 293-7953 FAX: +1 (508) 293-7786 black_david@emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------- > -----Original Message----- > From: Elwyn Davies [mailto:elwynd@dial.pipex.com] > Sent: Tuesday, September 27, 2005 4:29 AM > To: gen-art@ietf.org; Mary Barnes; Russ Hously; > fmaino@cisco.com; Black, David > Subject: Gen art review: draft-maino-fcsp-02.txt > > Background for those on the CC list, who may be unaware of GenART: > GenART is the Area Review Team for the General Area of the IETF. We > advise the General Area Director (i.e. the IETF/IESG chair) by providing > more in depth reviews than he could do himself of documents that come up > for final decision in IESG telechat. I was selected as the GenART > member to review this document. Below is my review, which was written > specifically with an eye to the GenART process, but since I believe that > it will be useful to have these comments more widely distributed, others > outside the GenART group are being copied. > > Document: draft-maino-fcsp-02.txt > Intended Status: Informational (individual submission via AD) > Shepherding AD: Russ Housley > Review Trigger: IESG Telechat 29/9/05 > > Summary: > An excellent document IMO - easy to read and with excellent balance > between motivation, explanation and technical detail! Kudos to the > authors. Given this document is informing the IETF about what Fibre > Channel is doing, there is no obligation to fix up the couple of issues > relating to extensibility/future proofing but given IETF experience, it > might be appropriate to consider remedying them. There are also some > editorial nits. > > Review: > Generally an excellent document. Given recent IETF experience and the > general degradation over time of the value of security algorithms, I > think it would be appropriate to provide very explicitly for algorithm > replacement, especially as regards the integrity algrithms which are (as > I read the document) currently fixed. The first two issues give the > details: > > s4.1, last para: It might be good to cite > RFC2402RFC2406/draft-ietf-ipsec-esp-ah-algorithms-02.txt to cover all > the 'standard' algorithms rather than one specific algorithm (RFC3602). > Also it would probably be good to make it crystal clear that any future > transforms that might be invented to go with ESP would be available for > use for Fibre Channel. > > s4.2, last para: Nothing is said here about alternative future integrity > algorithms. Given recent discussion about attacks on MD5 and SHA1, and > general views about the need for security algorithms to be replaceable > limiting integrity protection to just two current algorithms is not a > good idea. > > s8.1: I would consider refs FC-FS, FC-GS and FC-SP as normative. > > s8.2: I think RFCs 2625, 3643 and 3821 are informative as the various > payloads are not IP encapsulated. > > Editorial nits: > s4, para 3: s/Preambol/Preamble/ > > s4, last para: s/Security Association for/Security Associations for/ > > s4.1: Fields are 'normalized before computation': presumably this is > clear to somebody skilled in the Fibre Channel arts but a ref to the > appropriate piece of specification or an inline description > would help > for the unenlightened. > > s4.1, Figure 1: Technically the 'Auth' coverage should be 'Integrity' > coverage (and this would match with the corresponding figure in > draft-ietf-ipsec-esp-v3-10.txt). > > s5.2, para 2: s/protocol ID/protocol IDs/ > > s5.4, para 5 (next to last): s/he function/the function/ > > s5.4, last para: s/Associaton/Association/ > > s6, para 2: s/then there are no theoretical limitations/so that there > are no a priori limitations/ (the previous phrase gives the > theoretical > limit of 4GB!) > > s8.2: Should be entitled Normative References > _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen art review: draft-maino-fcsp-02.txt Elwyn Davies
- [Gen-art] RE: Gen art review: draft-maino-fcsp-02… Black_David
- [Gen-art] Re: Gen art review: draft-maino-fcsp-02… Elwyn Davies
- [Gen-art] Re: Gen art review: draft-maino-fcsp-02… Elwyn Davies