Re: [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis-11

"Valery Smyslov" <svanru@gmail.com> Thu, 15 September 2016 11:50 UTC

Message-ID: <87306B3A1A824C1DA4CA23436223C2DF@buildpc>
From: Valery Smyslov <svanru@gmail.com>
To: Tero Kivinen <kivinen@iki.fi>, Paul Wouters <paul@nohats.ca>
References: <MWHPR09MB14403260340F6DBF4DADCD8DF0E40@MWHPR09MB1440.namprd09.prod.outlook.com><08AB2EF60E5C4A9C8950483676619B4C@buildpc><alpine.LRH.2.20.1609131126100.10788@bofh.nohats.ca> <22490.32633.818191.899460@fireball.acr.fi>
Date: Thu, 15 Sep 2016 14:50:23 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/WZ_613z0eJRbx5xhVpXJJr5oqsk>
Cc: IPsecME WG <ipsec@ietf.org>
Subject: Re: [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis-11

Hi Tero,

>> >       |  RSASSA-PSS with Empty Parameters   | MUST NOT |         |
>> >       |  RSASSA-PSS with Default Parameters | MUST NOT |         |
>> >
>> > Well, I'm confused by these requirements. As far as I
>> > understand, the RSASSA-PSS parameters default to using SHA1 for
>> > both hashAlgorithm and maskGenAlgorithm. Isn't it clearer for
>> > readers to include
>> >
>> >       |  RSASSA-PSS with SHA1            | MUST NOT    |         |
>> >
>> > instead of these two lines, which in their current form don't
>> > explicitly refer to any cryptographic algorithm and force the
>> > reader to dig into the RSASSA-PSS specification just to
>> > find out that SHA1 was meant? Or did I miss something?
>> 
>> I'll leave this one to Tero.
> 
> This is aligned with RFC7427, which has 3 examples for RSASSA-PSS. 

Ah, I see your reason. However, I think that a few extra words (probably in 
a comment) would make things more clear. Just clarify that both 
Empty and Default parameters mean using SHA1, which is MUST NOT.
Note that RFC7427 lists them only in an Appendix, which is optional
reading, and implementers might have been confused.

Regards,
Valery.
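
The point discussed in this thread, that the Empty and the Default parameter encodings of RSASSA-PSS both resolve to SHA1, shown as an added example that is not part of the original message, the draft or RFC 7427: a minimal DER reader that reports the hash in effect for an RSASSA-PSS AlgorithmIdentifier. The helper names and the sample encodings built by `sample()` are constructed here for illustration.

```python
OIDS = {"2a864886f70d01010a": "RSASSA-PSS", "2a864886f70d010108": "MGF1",
        "2b0e03021a": "SHA1", "608648016503040201": "SHA2-256"}

def tlv(tag, body=b""):
    """Encode one DER element (short-form length, enough for these samples)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read_tlvs(buf):
    """Split DER bytes into (tag, value) pairs; handles short and long lengths."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated DER")
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:  # long form: low 7 bits count the length octets
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def alg_name(alg_id_body):
    """Name of the OID that opens an AlgorithmIdentifier body."""
    return OIDS.get(read_tlvs(alg_id_body)[0][1].hex(), "unknown")

def pss_hashes(alg_id):
    """(hashAlgorithm, MGF1 hash) in effect for an RSASSA-PSS AlgorithmIdentifier."""
    fields = read_tlvs(read_tlvs(alg_id)[0][1])
    if OIDS.get(fields[0][1].hex()) != "RSASSA-PSS":
        raise ValueError("not RSASSA-PSS")
    hash_alg = mgf_hash = "SHA1"  # ASN.1 DEFAULT for both fields
    params = fields[1][1] if len(fields) > 1 and fields[1][0] == 0x30 else b""
    for tag, val in read_tlvs(params):
        inner = read_tlvs(val)[0][1]  # strip the explicit [n] wrapper
        if tag == 0xA0:
            hash_alg = alg_name(inner)
        elif tag == 0xA1:  # MGF1 OID followed by its hash AlgorithmIdentifier
            mgf_hash = alg_name(read_tlvs(inner)[1][1])
    return hash_alg, mgf_hash

def sample(hash_oid_hex=None):
    """Constructed AlgorithmIdentifier (not from the page); None = empty parameters."""
    h = tlv(0x30, tlv(0x06, bytes.fromhex(hash_oid_hex or "")) + tlv(0x05))
    mgf = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010108")) + h)
    params = tlv(0xA0, h) + tlv(0xA1, mgf) if hash_oid_hex else b""
    return tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010a")) + tlv(0x30, params))
```

`pss_hashes(sample())` and `pss_hashes(sample("2b0e03021a"))` return the same SHA1 pair, which is why a receiver has to resolve the ASN.1 defaults before it can apply a per-hash policy row.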