Re: Review of draft-ietf-curdle-dnskey-eddsa-02 (Als was: Secdir review of draft-ietf-curdle-dnskey-eddsa-02)

Dan Romascanu <dromasca@gmail.com> Sat, 17 December 2016 07:11 UTC

Return-Path: <dromasca@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA95E1294E9; Fri, 16 Dec 2016 23:11:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id joCzmFY3C1EL; Fri, 16 Dec 2016 23:11:05 -0800 (PST)
Received: from mail-qt0-x22c.google.com (mail-qt0-x22c.google.com [IPv6:2607:f8b0:400d:c0d::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56094129452; Fri, 16 Dec 2016 23:11:05 -0800 (PST)
Received: by mail-qt0-x22c.google.com with SMTP id w33so106326376qtc.3; Fri, 16 Dec 2016 23:11:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=4oo0PYw5wXkM+at8CMads1k/KxW6cuUBrhaJI5/frrw=; b=YdjkC43E0ZyG8q334vTRMEe+egHHTqqUodT7AXKzJCGG3mGxqenzNFPE+aEM08zyo5 Hl+9ElUO2a+skC2zZCQS3063UlU286dsqlqy9EZ1mFuuYvlnevflHk3nfX2XfAoXsk0w noSoqWxiOd8il+MA5mhSqYao7fsaOKa0xk/aIRG1xlY7t3P+eyDt5wKG9pyjqZ5Vixn5 GvT4YZJoqagq9xaKDwirY4t5bW4qzSo3UotNrJAKUuznSpEUdyKVrEyH0iraoLpXuXI9 /igTu4sXFND4+swEnIYUJhH1KVI7X3uBGNdo7+ePt3tJ4VUaCku5UaCPtnbrkNz8ePz4 kAXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=4oo0PYw5wXkM+at8CMads1k/KxW6cuUBrhaJI5/frrw=; b=rfi+tKN08Q7pUDC1Oh0+AxH+sS6uIm3EDaJJWMIpHUSme22wM6ryScfYJYPUEVZ7cT Ka94FoCxDLf/Zovsw1hsJt60+3S7ChoC1KiVAiCBuBa5hOGhZNBkQprM9LvkZMB6nCi1 4YIClOaV9p3T9TWx1/4MJj+4LP3VEiRy7hJ5X50X45n1kLhNSaFJ12+kgUuKQGRYvCYd 0Do6iGTZPtwdcmMi3dDm14Ojmsd+yCVo732juPSj5u24bsBksqud/vORf4hCosxWpCvP /t0P4dfYnF0e7yLJR6urfZC4gjTnloRXOro8zXDnh6z4p0iC5q6/2hzi8dHdT6LA1IXN PqNA==
X-Gm-Message-State: AIkVDXIGouwLPbeCEZ9T78LjignZY/kDRK5JHvsdv3PuLHQ/b6Sd6DigfCSXb8Z+t/jgluuaYmN0yhCy5/WpdQ==
X-Received: by 10.200.48.44 with SMTP id f41mr6234013qte.94.1481958664421; Fri, 16 Dec 2016 23:11:04 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.40.114 with HTTP; Fri, 16 Dec 2016 23:11:03 -0800 (PST)
In-Reply-To: <2109497203.7399.1481958107415.JavaMail.zimbra@nic.cz>
References: <CADajj4aOGCi1nTzTSP4zAEf-3pa0M78pFj6Tw3QBLq-XuaABbA@mail.gmail.com> <1432493802.4506.1481535515981.JavaMail.zimbra@nic.cz> <2109497203.7399.1481958107415.JavaMail.zimbra@nic.cz>
From: Dan Romascanu <dromasca@gmail.com>
Date: Sat, 17 Dec 2016 09:11:03 +0200
Message-ID: <CAFgnS4UYNSUHW-3E=oZY-p97FbgufxjCNVbTiaXt7bQOCD0-Gw@mail.gmail.com>
Subject: Re: Review of draft-ietf-curdle-dnskey-eddsa-02 (Als was: Secdir review of draft-ietf-curdle-dnskey-eddsa-02)
To: Ondřej Surý <ondrej.sury@nic.cz>
Content-Type: multipart/alternative; boundary="001a1137aa56c3c6d40543d563e3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/yjSQzUXZoM8TMMAA4uWv3iQnliY>
Cc: ops-dir@ietf.org, ietf <ietf@ietf.org>, secdir <secdir@ietf.org>, gen-art <gen-art@ietf.org>, curdle <curdle@ietf.org>, Tim Chown <Tim.Chown@jisc.ac.uk>, draft-ietf-curdle-dnskey-eddsa.all@ietf.org, Magnus Nyström <magnusn@gmail.com>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Dec 2016 07:11:08 -0000

Thank you for addressing my comments.

Regards,

Dan


On Sat, Dec 17, 2016 at 9:01 AM, Ondřej Surý <ondrej.sury@nic.cz> wrote:

> Hi all,
>
> the IETF review has ended, so I have uploaded -03 version.
>
> Magnus, Dan,
>
> the -03 version addresses all your comments.
>
> Tim,
>
> I left the irtf documents in Normative as per Stephan's comments.
>
> I believe that Section 8 correctly references IANA registry:
> http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.
> xhtml
> by its name.
>
> The paragraph with nit has been removed altogether per Magnus's request.
>
> Thank you all very much for the reviews.
>
> Cheers,
> --
>  Ondřej Surý -- Technical Fellow
>  --------------------------------------------
>  CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
>  Milesovska 5, 130 00 Praha 3, Czech Republic
>  mailto:ondrej.sury@nic.cz    https://nic.cz/
>  --------------------------------------------
>
> ----- Original Message -----
> > From: "Ondřej Surý" <ondrej.sury@nic.cz>
> > To: "Magnus Nyström" <magnusn@gmail.com>, "Dan Romascanu" <
> dromasca@gmail.com>
> > Cc: "secdir" <secdir@ietf.org>, "draft-ietf-curdle-dnskey-eddsa" <
> draft-ietf-curdle-dnskey-eddsa@ietf.org>, "gen-art"
> > <gen-art@ietf.org>, "ietf" <ietf@ietf.org>, "curdle-chairs" <
> curdle-chairs@ietf.org>, "curdle" <curdle@ietf.org>
> > Sent: Monday, 12 December, 2016 10:38:35
> > Subject: Re: Review of draft-ietf-curdle-dnskey-eddsa-02 (Als was:
> Secdir review of draft-ietf-curdle-dnskey-eddsa-02)
>
> > Magnus and Dan,
> >
> > thanks for the review.
> >
> > Magnus, you are right, I have removed the first full paragraph
> > about "security properties" from Security Considerations
> > from my git version as the security properties of EdDSA
> > are better described in Normative references anyway.
> >
> > https://gitlab.labs.nic.cz/labs/ietf/commit/
> 7b52c8e2bbe44042a279a81b960270fdd103d9a2
> >
> > Dan,
> >
> > good catches, I fixed the nits in the git:
> >
> > https://gitlab.labs.nic.cz/labs/ietf/commit/
> bbfc7ce43fb1f46c91fb7f5de564d907d035aadf
> >
> > I would be happy to upload next revision after Last Call
> > is finished or just let the RFC editors to fix it.
> >
> > Cheers,
> > --
> > Ondřej Surý -- Technical Fellow
> > --------------------------------------------
> > CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
> > Milesovska 5, 130 00 Praha 3, Czech Republic
> > mailto:ondrej.sury@nic.cz    https://nic.cz/
> > --------------------------------------------
> >
> > ----- Original Message -----
> >> From: "Magnus Nyström" <magnusn@gmail.com>
> >> To: secdir@ietf.org, "draft-ietf-curdle-dnskey-eddsa"
> >> <draft-ietf-curdle-dnskey-eddsa@ietf.org>
> >> Sent: Monday, 12 December, 2016 02:44:18
> >> Subject: Secdir review of draft-ietf-curdle-dnskey-eddsa-02
> >
> >> I have reviewed this document as part of the security directorate's
> >> ongoing effort to review all IETF documents being processed by the
> >> IESG. These comments were written primarily for the benefit of the
> >> security area directors. Document editors and WG chairs should treat
> >> these comments just like any other last call comments.
> >>
> >> This document describes how to use two two specific Edwards Curves
> >> (Elliptic Curves) in conjunction with DNSSEC, namely ed25519 and
> >> ed448.
> >>
> >> The only comment I have on this document is that the Security
> >> Considerations section plainly states, without any reference or proof:
> >>
> >> "Ed25519 and Ed448 offers improved security properties and
> >> implementation characteristics compared to RSA and ECDSA algorithms"
> >>
> >> I suggest either adding references to proofs of these statements or
> >> alternatively just remove the sentence (since it doesn't really add
> >> anything to the memo); the remaining paragraphs in the Security
> >> Considerations section is what really covers what someone implementing
> >> the memo should know or be aware of.
> >>
> >> -- Magnus
> >
> > ~~~~
> >
> > ----- Original Message -----
> >> From: "Dan Romascanu" <dromasca@gmail.com>
> >> To: gen-art@ietf.org
> >> Cc: "draft-ietf-curdle-dnskey-eddsa all"
> >> <draft-ietf-curdle-dnskey-eddsa.all@ietf.org>, "curdle" <
> curdle@ietf.org>,
> >> ietf@ietf.org
> >> Sent: Sunday, 11 December, 2016 12:21:25
> >> Subject: Review of draft-ietf-curdle-dnskey-eddsa-02
> >
> >> Reviewer: Dan Romascanu
> >> Review result: Ready with Nits
> >>
> >> Summary: Ready, with nits
> >>
> >> I am not an expert in this field, but the document seems to meet its
> >> goals, it's clear and precise
> >>
> >> Major issues:
> >>
> >> Minor issues:
> >>
> >> Nits/editorial comments:
> >>
> >> 1. Section 4: s/Section5.1.7/Sections 5.1.7/
> >>
> >> 2. Section 8: 'The following entry has been added to
> >>   the registry' - I may be wrong, but the section seems to define two
> > > new entries in the registry rather than one
>