[Gen-art] Gen-ART review of draft-martin-ibcs-04.txt
Black_David@emc.com Wed, 04 July 2007 01:08 UTC
Return-path: <gen-art-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I5tMM-0008Q5-5q; Tue, 03 Jul 2007 21:08:46 -0400
Received: from gen-art by megatron.ietf.org with local (Exim 4.43) id 1I5tMK-0008Fx-2A for gen-art-confirm+ok@megatron.ietf.org; Tue, 03 Jul 2007 21:08:44 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I5tMJ-0008DF-MX; Tue, 03 Jul 2007 21:08:43 -0400
Received: from mexforward.lss.emc.com ([128.222.32.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I5tMB-00043d-Fr; Tue, 03 Jul 2007 21:08:43 -0400
Received: from mailhub.lss.emc.com (nagas.lss.emc.com [10.254.144.11]) by mexforward.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id l6418XM9000063; Tue, 3 Jul 2007 21:08:34 -0400 (EDT)
Received: from corpussmtp3.corp.emc.com (corpussmtp3.corp.emc.com [10.254.64.53]) by mailhub.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id l6418RHE007198; Tue, 3 Jul 2007 21:08:28 -0400 (EDT)
From: Black_David@emc.com
Received: from CORPUSMX20A.corp.emc.com ([128.221.62.12]) by corpussmtp3.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 3 Jul 2007 21:08:27 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 03 Jul 2007 21:08:26 -0400
Message-ID: <F222151D3323874393F83102D614E0550A4D225F@CORPUSMX20A.corp.emc.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Gen-ART review of draft-martin-ibcs-04.txt
Thread-Index: Ace919PE+J1XSEp8REup1hmpjiXttQ==
To: gen-art@ietf.org, tim.polk@nist.gov, hartmans-ietf@mit.edu, xavier@voltage.com, martin@voltage.com
X-OriginalArrivalTime: 04 Jul 2007 01:08:27.0615 (UTC) FILETIME=[D4064EF0:01C7BDD7]
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.5.1.298604, Antispam-Data: 2007.7.3.172533
X-PerlMx-Spam: Gauge=, SPAM=0%, Reason='EMC_BODY_1+ -3, EMC_FROM_0+ -3, NO_REAL_NAME 0, __C230066_P5 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0'
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745
Cc: blake@sendmail.com, turners@ieca.com, Black_David@emc.com, ietf-action@ietf.org
Subject: [Gen-art] Gen-ART review of draft-martin-ibcs-04.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org
IETF-ACTION: The IPR disclosure search is failing to find IPR disclosures for this draft. A search for draft-martin-ibcs-04.txt should return IPR disclosures #821 and #751. Please make it so. Xavier and Luther, I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-martin-ibcs-04.txt Reviewer: David L. Black Review Date: 03 July 2007 IESG Telechat date: 05 July 2007 Summary: This draft is basically ready for publication as an Informational RFC, but has nits that should be fixed before publication. Comments: The -04 version of this draft is much improved over the -03 version, and has addressed most of the concerns raised in the GenART review of the -03 version. In particular, the serious lack of hash agility and the related lack of support for the 256-bit level of security have both been corrected in the -04 version, there is now a discussion of use of IBE at the front of the draft, and the security considerations section has been significantly improved. Many thanks to the authors for dealing with these issues. The IPR disclosure was in fact filed at the time of the previous review, but the IETF IPR search tool fails to find it. This review has been cc:'d to IETF-ACTION in order to correct this failure. I've cc:'d the smime WG chairs to ensure that they are aware of the contents of this disclosure - https://datatracker.ietf.org/ipr/821/ . The security considerations section does not explicitly address the stream-cipher-like behavior of encryption/decryption noted in the previous GenART review. This is ok because this security concern has been addressed by other means in the -04 version; the plaintext is now required to be a random session key in Sections 5.4 and 6.4. If the crucial value that effectively initializes the stream cipher (l in Section 5.4, s in Section 6.4), is ever reused, an adversary learns only the XOR of two random session keys, which should be of no value to the adversary for truly random session keys. I still have one concern - there is no discussion of rekeying an individual user. In order to rekey a user whose private keying material has been compromised without changing the master IBE secret, the user's identity has to change. The draft defines identity in Section 2.2 as: Identity - An identity an arbitrary string, usually a human- readable unambiguous designator of a system user, possibly augmented with a time stamp and other attributes. The "possibly augmented ... " wording may be describing a feature that is crucial to enabling a user to be rekeyed without changing her name (e.g., given name, email address). Some discussion of rekeying of users without changing the master IBE secret should be included in the security considerations section, as it appears to have relevance to the choice of structure of identities used with these algorithms. Nit: the parameter space for V in Sections 5.4.1 and 5.5.1 should be "{0, ... , 255}^hashlen" instead of "{0, ... , 255}^20" . Nit: I don't see the point of the [KERLAW] reference to an 1883 paper in French. The added [BF] citations in the -04 version are sufficient for the request in the previous review that a reference be cited to support the statements of belief about strength of these cryptographic techniques. Thanks, --David ---------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 176 South St., Hopkinton, MA 01748 +1 (508) 293-7953 FAX: +1 (508) 293-7786 black_david@emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------- _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art