IETF Logo Mail Archive

[Gen-art] Gen-ART review of draft-martin-ibcs-04.txt

Black_David@emc.com Wed, 04 July 2007 01:08 UTC

Return-path: <gen-art-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I5tMM-0008Q5-5q; Tue, 03 Jul 2007 21:08:46 -0400
Received: from gen-art by megatron.ietf.org with local (Exim 4.43) id 1I5tMK-0008Fx-2A for gen-art-confirm+ok@megatron.ietf.org; Tue, 03 Jul 2007 21:08:44 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I5tMJ-0008DF-MX; Tue, 03 Jul 2007 21:08:43 -0400
Received: from mexforward.lss.emc.com ([128.222.32.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I5tMB-00043d-Fr; Tue, 03 Jul 2007 21:08:43 -0400
Received: from mailhub.lss.emc.com (nagas.lss.emc.com [10.254.144.11]) by mexforward.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id l6418XM9000063; Tue, 3 Jul 2007 21:08:34 -0400 (EDT)
Received: from corpussmtp3.corp.emc.com (corpussmtp3.corp.emc.com [10.254.64.53]) by mailhub.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id l6418RHE007198; Tue, 3 Jul 2007 21:08:28 -0400 (EDT)
From: Black_David@emc.com
Received: from CORPUSMX20A.corp.emc.com ([128.221.62.12]) by corpussmtp3.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 3 Jul 2007 21:08:27 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 03 Jul 2007 21:08:26 -0400
Message-ID: <F222151D3323874393F83102D614E0550A4D225F@CORPUSMX20A.corp.emc.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Gen-ART review of draft-martin-ibcs-04.txt
Thread-Index: Ace919PE+J1XSEp8REup1hmpjiXttQ==
To: gen-art@ietf.org, tim.polk@nist.gov, hartmans-ietf@mit.edu, xavier@voltage.com, martin@voltage.com
X-OriginalArrivalTime: 04 Jul 2007 01:08:27.0615 (UTC) FILETIME=[D4064EF0:01C7BDD7]
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.5.1.298604, Antispam-Data: 2007.7.3.172533
X-PerlMx-Spam: Gauge=, SPAM=0%, Reason='EMC_BODY_1+ -3, EMC_FROM_0+ -3, NO_REAL_NAME 0, __C230066_P5 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0'
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745
Cc: blake@sendmail.com, turners@ieca.com, Black_David@emc.com, ietf-action@ietf.org
Subject: [Gen-art] Gen-ART review of draft-martin-ibcs-04.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org

IETF-ACTION: The IPR disclosure search is failing to find IPR
disclosures for this draft.  A search for draft-martin-ibcs-04.txt
should return IPR disclosures #821 and #751.  Please make it so.

Xavier and Luther,

I have been selected as the General Area Review Team (Gen-ART) 
reviewer for this draft (for background on Gen-ART, please see 
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). 

Please wait for direction from your document shepherd 
or AD before posting a new version of the draft. 

Document: draft-martin-ibcs-04.txt
Reviewer: David L. Black
Review Date: 03 July 2007
IESG Telechat date: 05 July 2007 

Summary:

This draft is basically ready for publication as an Informational
RFC, but has nits that should be fixed before publication.

Comments:

The -04 version of this draft is much improved over the -03 version,
and has addressed most of the concerns raised in the GenART review
of the -03 version.  In particular, the serious lack of hash agility
and the related lack of support for the 256-bit level of security
have both been corrected in the -04 version, there is now a
discussion of use of IBE at the front of the draft, and the security
considerations section has been significantly improved.  Many thanks
to the authors for dealing with these issues.

The IPR disclosure was in fact filed at the time of the previous
review, but the IETF IPR search tool fails to find it.  This review
has been cc:'d to IETF-ACTION in order to correct this failure.
I've cc:'d the smime WG chairs to ensure that they are aware of the
contents of this disclosure - https://datatracker.ietf.org/ipr/821/ .

The security considerations section does not explicitly address
the stream-cipher-like behavior of encryption/decryption noted
in the previous GenART review.  This is ok because this security
concern has been addressed  by other means in the -04 version;
the plaintext is now required to be a random session key in
Sections 5.4 and 6.4.  If the crucial value that effectively
initializes the stream cipher (l in Section 5.4, s in Section
6.4), is ever reused, an adversary learns only the XOR of two
random session keys, which should be of no value to the adversary
for truly random session keys.

I still have one concern - there is no discussion of rekeying an
individual user.  In order to rekey a user whose private keying
material has been compromised without changing the master IBE
secret, the user's identity has to change.  The draft defines
identity in Section 2.2 as:

        Identity - An identity an arbitrary string, usually a human-
        readable unambiguous designator of a system user, possibly 
        augmented with a time stamp and other attributes. 

The "possibly augmented ... " wording may be describing a feature
that is crucial to enabling a user to be rekeyed without changing
her name (e.g., given name, email address).  Some discussion of
rekeying of users without changing the master IBE secret should be
included in the security considerations section, as it appears to
have relevance to the choice of structure of identities used with
these algorithms.

Nit: the parameter space for V in Sections 5.4.1 and 5.5.1 should
be "{0, ... , 255}^hashlen" instead of "{0, ... , 255}^20" .

Nit: I don't see the point of the [KERLAW] reference to an 1883
paper in French.  The added [BF] citations in the -04 version are
sufficient for the request in the previous review that a reference
be cited to support the statements of belief about strength of
these cryptographic techniques.

Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------



_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art

v2.23.0 | Report a Bug | By Email