IETF Logo Mail Archive

Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)

Benjamin Kaduk <kaduk@mit.edu> Fri, 27 July 2018 14:17 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1C8B130E0F for <ipsec@ietfa.amsl.com>; Fri, 27 Jul 2018 07:17:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u06QxBH2RRw5 for <ipsec@ietfa.amsl.com>; Fri, 27 Jul 2018 07:17:08 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28786130DE7 for <ipsec@ietf.org>; Fri, 27 Jul 2018 07:17:07 -0700 (PDT)
X-AuditID: 1209190c-d11ff700000021fe-2f-5b5b29625ab5
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id A4.0C.08702.2692B5B5; Fri, 27 Jul 2018 10:17:06 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w6REH5Dk030452; Fri, 27 Jul 2018 10:17:05 -0400
Received: from mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w6REGw6R017601 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 27 Jul 2018 10:17:00 -0400
Date: Fri, 27 Jul 2018 09:16:58 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, ekr@rtfm.com, david.waltermire@nist.gov, kivinen@iki.fi, andrew.cagney@gmail.com, ipsec@ietf.org
Message-ID: <20180727141658.GC12983@mit.edu>
References: <20180726182923.D548CB8125E@rfc-editor.org> <20FE97E3-768B-426D-9DF1-A228E8DEB143@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="y0ulUmNC+osPPQO6"
Content-Disposition: inline
In-Reply-To: <20FE97E3-768B-426D-9DF1-A228E8DEB143@gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrNKsWRmVeSWpSXmKPExsUixG6nopukGR1t0D5H3+L13ByLjT3/2CxW vD7HbrF/yws2i6Pnn7NZNO3/ymax9NgHJgd2j52z7rJ7LFnyk8nj8NeFLB7XTv5l9WhoO8bq MflxG3MAWxSXTUpqTmZZapG+XQJXxuRd31gKNglXHN2/lamBcYVAFyMnh4SAicSP5ZfYQWwh gcVMEldbFCDsjYwS7/+4dDFyAdlnmSSeP1vFCJJgEVCV6H55nQnEZhNQkWjovswMYosIKEkc vvKVGaSBWWApo8Tio29ZQBLCAuYSk679A0pwcPAK6Eg8mM8PsSBL4sTFfrDFvAKCEidnPgEr ZxYok2j7sZEFpJxZQFpi+T8OEJNTwFZi0g47kApRAWWJvX2H2CcwCsxC0jwLSfMshGaIsLrE n3mXmDGEtSWWLXzNDGHbSqxb955lASP7KkbZlNwq3dzEzJzi1GTd4uTEvLzUIl1DvdzMEr3U lNJNjKC44pTk2cF45o3XIUYBDkYlHt4fLyKjhVgTy4orcw8xSnIwKYnyrvkbFS3El5SfUpmR WJwRX1Sak1p8iFEFaNejDasvMEqx5OXnpSqJ8AqrREcL8aYkVlalFuXDlElzsCiJ896tCY8W EkhPLEnNTk0tSC2CycpwcChJ8DZqADUKFqWmp1akZeaUIKSZODgPMUpw8AANtwWp4S0uSMwt zkyHyJ9i1OX4837qJGYhsAukxHn/qAMVCYAUZZTmwc0BpUmJ7P01rxjFgV4U5p0BMooHmGLh Jr0CWsIEtOR4XCTIkpJEhJRUA+ONXdfqpdqPzTTVWfqlr3lxbtqiZM6Jcrc1xT+2Fcg2va+f 7/jypFiWP1/mNA2L/OtLNxf7iE/7M+/5k4xs1jZ1r//bFs6Rm753x0K9udceux78cWnV/sx7 BptCv8a/OL+1uGjKnIf5eY0f3RhDzeyaFzYFhH5fo6UdaH/stWDlP/YYzfZUIU4lluKMREMt 5qLiRACEY2eLbgMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/NbNqJR5ybhZYDBBTciHoMTvV4oU>
Subject: Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2018 14:17:10 -0000

On Thu, Jul 26, 2018 at 10:06:30PM +0300, Yoav Nir wrote:
> This errata proposes to add the following sentence to section 4 of RFC 7634 <https://tools.ietf.org/html/rfc7634#section-4>:
> 
> As with other transforms that use a fixed-length key, the Key Length attribute MUST NOT be specified.
> 
> This sentence is correct. If this came up as a suggestion during WG processing or during LC, I think we would add it.
> 
> Looking back in RFC 7296, we have in section 3.3.5 <https://tools.ietf.org/html/rfc7296#section-3.3.5>:
> 
>    o  The Key Length attribute MUST NOT be used with transforms that use
>       a fixed-length key.  For example, this includes ENCR_DES,
>       ENCR_IDEA, and all the Type 2 (Pseudorandom Function) and Type 3
>       (Integrity Algorithm) transforms specified in this document.  It
>       is recommended that future Type 2 or 3 transforms do not use this
>       attribute.
> 
> And RFC 7634 says:
> 
>    o  The encryption key is 256 bits.
> 
> Given that, I don’t think there is any chance for a conscientious implementer to make the mistake of including the Key Length attribute.
> 
> I don’t believe adding clarifying text is a proper use of the errata system. At best it should be marked as editorial and held for document update, if not rejected outright.

I generally agree with this sentiment.  I would probably be willing to mark
as editorial/hold for document update in this case, though.  How would that
work for people?

-Ben

v2.23.0 | Report a Bug | By Email