[ippm] Secdir last call review of draft-ietf-ippm-encrypted-pdmv2-05
Chris Lonvick via Datatracker <noreply@ietf.org> Mon, 15 January 2024 22:11 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: ippm@ietf.org
Delivered-To: ippm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AF974C14F6A1; Mon, 15 Jan 2024 14:11:59 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Chris Lonvick via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-ippm-encrypted-pdmv2.all@ietf.org, ippm@ietf.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.2.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <170535671970.49108.2375384616689861939@ietfa.amsl.com>
Reply-To: Chris Lonvick <lonvick.ietf@gmail.com>
Date: Mon, 15 Jan 2024 14:11:59 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/ZwdRuj3zR-MnWC8DI8St0PZX3hQ>
Subject: [ippm] Secdir last call review of draft-ietf-ippm-encrypted-pdmv2-05
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jan 2024 22:11:59 -0000
Reviewer: Chris Lonvick
Review result: Ready
Hi,
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.
The summary of the review is Ready.
The document explains the use of a lightweight handshake and encryption
protocol for the PDM destination option. I found it to be readable and to
explain how to use the protocol.
I found a few nits that the authors may wish to review.
Second paragraph in Section 1
Current: a timing attack MAY be launched against
Proposed: a timing attack may be launched against
(This isn't a directive in the protocol so doesn't fall under BCP 14.)
Second paragraph of Section 5.4
Current:
Our choice is to use the HPKE framework that incorporates key
encapsulation mechanism (KEM), key derivation function (KDF) and
authenticated encryption with associated data (AEAD). These multiple
schemes are more robust and significantly efficient than the
traditional schemes and thus lead to our choice of this framework.
We recommend default encryption algorithm for HPKE AEAD as AES-
128-GCM, however this is an implementation choice and can be
negotiated between the communicating parties.
Proposed:
It is RECOMMENDED to use the HPKE framework that incorporates key
encapsulation mechanism (KEM), key derivation function (KDF) and
authenticated encryption with associated data (AEAD). These multiple
schemes are more robust and significantly more efficient than other
schemes. While the schemes may be negotiated between communicating
parties, it is RECOMMENDED to use default encryption algorithm for
HPKE AEAD as AES-128-GCM.
Somewhere in Section 6.3
Current:
This field is also used in the Encrypted PDMv2 as the encryption
nonce.
Proposed:
This field is also used in the Encrypted PDMv2 as the encryption
nonce. The nonce MUST NOT be reused in different sessions.
New paragraph in the Security Considerations section
Proposed:
Security considerations about HPKE are addressed in RFC 9180. Security
considerations about PDM are addressed in RFC 9250. Security considerations
about destination objects are addressed in RFC 8200.
- [ippm] Secdir last call review of draft-ietf-ippm… Chris Lonvick via Datatracker
- Re: [ippm] Secdir last call review of draft-ietf-… Tommaso Pecorella