Re: Review of draft-ietf-curdle-dnskey-eddsa-02 (Als was: Secdir review of draft-ietf-curdle-dnskey-eddsa-02)

Ondřej Surý <ondrej.sury@nic.cz> Mon, 12 December 2016 09:38 UTC

Return-Path: <ondrej.sury@nic.cz>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C31F61294DA; Mon, 12 Dec 2016 01:38:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.896
X-Spam-Level:
X-Spam-Status: No, score=-9.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-2.896] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pq9mXwdxcYkr; Mon, 12 Dec 2016 01:38:42 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A1541295A3; Mon, 12 Dec 2016 01:38:37 -0800 (PST)
Received: from zimbra.rfc1925.org (calcifer.labs.nic.cz [217.31.192.138]) by mail.nic.cz (Postfix) with ESMTP id 23F1F6127A; Mon, 12 Dec 2016 10:38:36 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1481535516; bh=jNR6LblXm7uu3HC68mpBMXkzX/1jNjqaQ19OG3h2Gqg=; h=Date:From:To; b=o6mtY4yNkWZUGFgPgF4ZHhalIhT3badJi/qoxJwJGDw07jV+6yNU9QgkiDfgcCEfy GtSCQPQYrJfuR7Oo5tQMcKF+uQbgxvVBbbk3Dd420hRKukxSjHw90ZFIjXuJheKhUP qIagOogkL48nUP/kXGGGW6KgmiNvQfiq9g7KeQ8M=
Date: Mon, 12 Dec 2016 10:38:35 +0100 (CET)
From: =?utf-8?Q?Ond=C5=99ej_Sur=C3=BD?= <ondrej.sury@nic.cz>
To: Magnus =?utf-8?Q?Nystr=C3=B6m?= <magnusn@gmail.com>, Dan Romascanu <dromasca@gmail.com>
Message-ID: <1432493802.4506.1481535515981.JavaMail.zimbra@nic.cz>
In-Reply-To: <CADajj4aOGCi1nTzTSP4zAEf-3pa0M78pFj6Tw3QBLq-XuaABbA@mail.gmail.com>
References: <CADajj4aOGCi1nTzTSP4zAEf-3pa0M78pFj6Tw3QBLq-XuaABbA@mail.gmail.com>
Subject: Re: Review of draft-ietf-curdle-dnskey-eddsa-02 (Als was: Secdir review of draft-ietf-curdle-dnskey-eddsa-02)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [217.31.192.138]
X-Mailer: Zimbra 8.7.0_GA_1659 (ZimbraWebClient - FF50 (Linux)/8.7.0_GA_1659)
Thread-Topic: Review of draft-ietf-curdle-dnskey-eddsa-02 (Als was: Secdir review of draft-ietf-curdle-dnskey-eddsa-02)
Thread-Index: LzflipimV17IlkcBn4a2Ul/QhkSYmA==
X-Virus-Scanned: clamav-milter 0.99.2 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/1PRS5PZOixnit_vEbfI4_fVrSB8>
Cc: curdle <curdle@ietf.org>, ietf@ietf.org, secdir@ietf.org, gen-art@ietf.org, curdle-chairs <curdle-chairs@ietf.org>, draft-ietf-curdle-dnskey-eddsa <draft-ietf-curdle-dnskey-eddsa@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Dec 2016 09:38:45 -0000

Magnus and Dan,

thanks for the review.

Magnus, you are right, I have removed the first full paragraph
about "security properties" from Security Considerations
from my git version as the security properties of EdDSA
are better described in Normative references anyway.

https://gitlab.labs.nic.cz/labs/ietf/commit/7b52c8e2bbe44042a279a81b960270fdd103d9a2

Dan,

good catches, I fixed the nits in the git:

https://gitlab.labs.nic.cz/labs/ietf/commit/bbfc7ce43fb1f46c91fb7f5de564d907d035aadf

I would be happy to upload next revision after Last Call
is finished or just let the RFC editors to fix it.

Cheers,
--
 Ondřej Surý -- Technical Fellow
 --------------------------------------------
 CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
 Milesovska 5, 130 00 Praha 3, Czech Republic
 mailto:ondrej.sury@nic.cz    https://nic.cz/
 --------------------------------------------

----- Original Message -----
> From: "Magnus Nyström" <magnusn@gmail.com>
> To: secdir@ietf.org, "draft-ietf-curdle-dnskey-eddsa" <draft-ietf-curdle-dnskey-eddsa@ietf.org>
> Sent: Monday, 12 December, 2016 02:44:18
> Subject: Secdir review of draft-ietf-curdle-dnskey-eddsa-02

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> This document describes how to use two two specific Edwards Curves
> (Elliptic Curves) in conjunction with DNSSEC, namely ed25519 and
> ed448.
> 
> The only comment I have on this document is that the Security
> Considerations section plainly states, without any reference or proof:
> 
> "Ed25519 and Ed448 offers improved security properties and
> implementation characteristics compared to RSA and ECDSA algorithms"
> 
> I suggest either adding references to proofs of these statements or
> alternatively just remove the sentence (since it doesn't really add
> anything to the memo); the remaining paragraphs in the Security
> Considerations section is what really covers what someone implementing
> the memo should know or be aware of.
> 
> -- Magnus

~~~~

----- Original Message -----
> From: "Dan Romascanu" <dromasca@gmail.com>
> To: gen-art@ietf.org
> Cc: "draft-ietf-curdle-dnskey-eddsa all" <draft-ietf-curdle-dnskey-eddsa.all@ietf.org>rg>, "curdle" <curdle@ietf.org>rg>,
> ietf@ietf.org
> Sent: Sunday, 11 December, 2016 12:21:25
> Subject: Review of draft-ietf-curdle-dnskey-eddsa-02

> Reviewer: Dan Romascanu
> Review result: Ready with Nits
> 
> Summary: Ready, with nits
> 
> I am not an expert in this field, but the document seems to meet its
> goals, it's clear and precise
> 
> Major issues:
> 
> Minor issues:
> 
> Nits/editorial comments:
> 
> 1. Section 4: s/Section5.1.7/Sections 5.1.7/
> 
> 2. Section 8: 'The following entry has been added to
>   the registry' - I may be wrong, but the section seems to define two
> new entries in the registry rather than one