comments on <draft-harkins-brainpool-ike-groups-04.txt> (Brainpool Elliptic Curves for the IKE Group Description Registry)
Rene Struik <rstruik.ext@gmail.com> Fri, 01 March 2013 02:44 UTC
Dear Dan:

I have the following (minor) comments on draft-harkins-brainpool-ike-groups:

Section 2:

(E-1) RFC 5639 specifies BP-160, BP-192, BP-224, BP-256, BP-360, BP-384, BP-512, including domain parameters and relationship between the twisted curve and the curve (via the "Z" parameter), in a concise and clear manner. Thus, this section seems superfluous and can simply refer to forementioned RFC.

(E-2) BSI (added reference of 2012 -- see comment below) recommends the use of Brainpool curves of bit-length at least 224 bits and may have uses for the BP-360 curve. The current draft, however, suggests not to include BP-360, due to "non-matching" current hash functions. With SHA-3, this may certainly change. Moreover, since the draft does not stipulate the context in which the Brainpool curves are to be used (as also evidenced by Section 4), it seems to be somewhat premature to be this restrictive.

Section 3:

(E-3) The draft's purpose seems to be self-contradictory, since according to Section 1, the intention is to add codepoints in RFC 2409, while Section 3 explicitly forbids its use. To add to the confusion, Section 5 explicitly makes this objective self-defeating (see "administrative Verbot" language).

Section 4:

(E-4) l. 4: replace "crryptography" by "cryptography"

(T-1) Brainpool curves have order q, that is not "close" to a power of two, thus making both generation of random scalars in the interval [1,q-1] more difficult and increasing implementation cost (e.g., with modular reductions). This suggests that, although Brainpool curves have "interesting security properties" (as mentioned in Section 1), they also have some properties that may give some reason for practical reflection. Shouldn't one expand somewhat on how one could securely generate a number in the [1,q-1] interval and, e.g., whether Brainpool curves differ from NIST prime curves in implementation security vulnerabilities?

NOTE - Since the draft simply defines the use of certain Brainpool curves, one may also push these topics "under the rug" and make almost the entire draft a cross-reference to RFC 5639. (It does not address these points, but then neither does RFC 5639 entirely.)

Section 6.2:

(E-5) Please add the following informational reference: Bundesamt für Sicherheit in der Informationstechnik, Technical Guideline TR-03111 - Elliptic Curve Cryptography, Version 2.0, June 28, 2012.

On 1/31/2013 9:12 AM, The IESG wrote:
> The IESG has received a request from an individual submitter to consider
> the following document:
> - 'Brainpool Elliptic Curves for the IKE Group Description Registry'
> <draft-harkins-brainpool-ike-groups-04.txt> as Informational RFC
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2013-02-28. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
>
> Abstract
>
>
> This memo allocates code points for four new elliptic curve domain
> parameter sets over finite prime fields into a registry that was
> established by The Internet Key Exchange (IKE) but is used by other
> protocols.
>
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-harkins-brainpool-ike-groups/
>
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-harkins-brainpool-ike-groups/ballot/
>
>
> No IPR declarations have been submitted directly on this I-D.
>
>

--
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
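
The question raised in (T-1), as an added example that is not part of the original message or of the draft: rejection sampling for a uniform scalar in [1, q-1], with the cost and the bias of the "reduce mod q" shortcut compared for a Brainpool order and a NIST order. The group orders are the public constants for brainpoolP256r1 (RFC 5639) and NIST P-256; the function names are illustrative assumptions.

```python
import secrets

# Public group orders: brainpoolP256r1 (RFC 5639) and NIST P-256.
Q_BP256 = int("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16)
Q_P256 = int("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16)


def random_scalar(q, rand_bits=secrets.randbits):
    """Return (k, draws): k uniform in [1, q-1] by rejection sampling."""
    nbits = q.bit_length()
    draws = 0
    while True:
        draws += 1
        k = rand_bits(nbits)          # uniform on [0, 2^nbits)
        if 1 <= k < q:                # reject 0 and anything >= q; never reduce mod q
            return k, draws


def acceptance_probability(q):
    """Probability that a single nbits-wide draw is accepted."""
    return (q - 1) / (1 << q.bit_length())


def doubled_residue_fraction(q):
    """For the shortcut k = r mod q with r uniform on [0, 2^nbits):
    fraction of residues hit by two values of r, i.e. twice as likely."""
    return ((1 << q.bit_length()) - q) / q


if __name__ == "__main__":
    for name, q in (("brainpoolP256r1", Q_BP256), ("NIST P-256", Q_P256)):
        p = acceptance_probability(q)
        print(f"{name}: accept={p:.10f} mean draws={1 / p:.4f} "
              f"doubled residues under 'mod q'={doubled_residue_fraction(q):.3e}")
```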