RE: FIPS 186 and X9.42: One of these things is not like the other

Russ Housley <housley@spyrus.com> Tue, 23 November 1999 17:34 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA09155; Tue, 23 Nov 1999 09:34:02 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id JAA25165 Tue, 23 Nov 1999 09:35:51 -0500 (EST)
Message-Id: <4.2.0.58.19991123091224.009e5ee0@mail.spyrus.com>
X-Sender: rhousley@mail.spyrus.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Tue, 23 Nov 1999 09:18:21 -0500
To: "John C. Kennedy" <jkennedy@trustpoint.com>
From: Russ Housley <housley@spyrus.com>
Subject: RE: FIPS 186 and X9.42: One of these things is not like the other
Cc: pgut001@cs.aucKland.ac.nz, ietf-pkix@imc.org, ietf-smime@imc.org, ipsec@lists.tislabs.com, ekr@rtfm.com, robert.zuccherato@entrust.com, djohnson@certicom.com, wpolk@nist.gov, jis@mit.edu, mleech@nortelnetworks.com, Elaine Barker <elaine.barker@nist.gov>, Sharon Keller <skeller@nist.gov>, Simon Blake-Wilson <sblakewi@certicom.com>, Phil Griffin <Phil_Griffin@certicom.com>
In-Reply-To: <NDBBKGCMPJCKIDPKAHACGEPBCAAA.jkennedy@trustpoint.com>
References: <4.2.0.58.19991122105512.009c6e00@mail.spyrus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

John:

At 12:57 PM 11/22/99 -0800, John C. Kennedy wrote:
>1. With all due respect, saying that I have been "out of the loop" is not
>quite correct.  I have continued to track the output of both X9F1 and IETF
>with regards to X9.42 and DH for the last couple of years. I have copies
>of X9.42 drafts up through February 1999.  One does not have to be "in the
>loop" to see the inconsistencies I have pointed out.
>
>2. The PKIX "son-of-2459" work, of which mostly only the ASN.1 portion of
>X9.42 is relevant, is probably correct.  What is a bigger problem is that
>RFC 2631 (Diffie-Hellman Key Agreement Method) by Eric Rescorla references
>a 1998 draft. The related drafts, <draft-ietf-smime-small-subgroup-02.txt>
>and <draft-ietf-pkix-dhpop-02.txt>, reference RFC 2631.  Is there proper
>alignment in these works with the current state of X9.42?  I don't think
>so.  How would the larger IETF community know if they were?  Is ANSI
>keeping all these authors "in the loop"?
>
>3. FIPS 186-1 on DSA and rDSA is a good example.  If the X9.42
>specification had been kept as simple as FIPS 186 we wouldn't be where we
>are now.  It is unfortunate that crypto-politics and other machinations
>did not allow NIST to handle this work independent of ANSI from the
>beginning.

1.  I apologize.  You certainly have not taken an active role in the IETF 
or X9F1 for the last few years.  I am glad to hear that you have kept 
current.  I would encourage you to become actively involved again.

2.  Once the IETF adopted X9.42, I worked diligently with X9F1 to ensure 
that none of the aspects of X9.42 that were adopted by the IETF were 
changed.  We made a final comparison of the X9.42 draft and RFC 2631 just 
prior to publication of the RFC.  I have a commitment that the parts of X9.42 
that are included in RFC 2631 will not be changed unless a security problem 
is discovered.  If a security problem is discovered, then the IETF will 
want to update RFC 2631 anyway, so this is not a concern.

3.  Agree.

Russ