[IPsec] Opsdir last call review of draft-ietf-ipsecme-eddsa-04

Joel Jaeggli <joelja@bogus.com> Wed, 29 November 2017 00:52 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Joel Jaeggli <joelja@bogus.com>
To: ops-dir@ietf.org
Cc: ipsec@ietf.org, ietf@ietf.org, draft-ietf-ipsecme-eddsa.all@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151191675007.8090.17913891042195155302@ietfa.amsl.com>
Date: Tue, 28 Nov 2017 16:52:30 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/GxFJT-8uuvbNXYvCqpeO0f0MIcc>
Subject: [IPsec] Opsdir last call review of draft-ietf-ipsecme-eddsa-04

Reviewer: Joel Jaeggli
Review result: Ready

I reviewed  draft-ietf-ipsecme-eddsa on behalf of the opsdir during it's IETF
Last call.

This standards track draft introduces an importance change in the IKE
negotiation in that the sender can indicate that it hash algorithms which do
not require prehashing and can instead operate on arbitrary length data.

It also goes on to make a more strong requirement then RFC 8032 (which is
informational) that:

" The pre-hashed versions of Ed25519 and Ed448 (Ed25519ph and Ed448ph
   respectively) MUST NOT be used in IKE."

Changes to IKE negotiation require careful review, but I am satisfied that this
explicit signal improves the handling of support for the edwards curves.

[IPsec] Opsdir last call review of draft-ietf-ips… Joel Jaeggli