Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

Yoav Nir <> Tue, 09 April 2013 14:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8B86521F93B2 for <>; Tue, 9 Apr 2013 07:45:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id osV-E6p6kBwT for <>; Tue, 9 Apr 2013 07:45:51 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id ED3FD21F938F for <>; Tue, 9 Apr 2013 07:45:44 -0700 (PDT)
Received: from ([]) by (8.13.8/8.13.8) with ESMTP id r39EjcOj024216; Tue, 9 Apr 2013 17:45:38 +0300
X-CheckPoint: {51642970-0-1B221DC2-1FFFF}
Received: from ([]) by ([]) with mapi id 14.02.0342.003; Tue, 9 Apr 2013 17:45:38 +0300
From: Yoav Nir <>
To: Paul Hoffman <>
Thread-Topic: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks
Thread-Index: AQHONKJ73EdXuj/XRUSHMWVhzjSEwJjNxjoA
Date: Tue, 9 Apr 2013 14:45:37 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: IPsecme WG <>
Subject: Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 09 Apr 2013 14:45:52 -0000


tl;dr: Looks fine, please publish

I am not a cryptographer and not competent to comment on the issues that this draft is trying to solve or on the quality of this solution.

Speaking strictly as a developer, the text is clear and understandable. Doing the mental exercise of estimating what it would take to implement this in my code, it was very easy to add the prescribed tests in the two places they would be needed, with about 5 lines of extra code apiece. (of course it helps to have access to the OpenSSL library with functions such as ec_GFp_simple_is_at_infinity() and ec_GFp_simple_is_on_curve() rather than having to implement them myself)


On Apr 9, 2013, at 12:46 AM, Paul Hoffman <> wrote:

> [[ So far, we have received only *one* review of this document, from Tero. If we don't receive more reviews, the document might not progress due to lack of interest. Please review this document within the next week and contribute your review to the list. ]]
> Greetings. This is the start of the WG Last Call for draft-ietf-ipsecme-dh-checks; the WG period will end in two weeks, on April 15. The current draft is available at
> Given that this will be a Standards Track document, it is important for it to be reviewed by as many people as possible. Possible results of individual reviewing the document are:
> - "Looks fine, please publish"
> - "Looks fine, here are some comments"
> - "Has some problems, here they are"
> - Other things of that sort
> Many people on this mailing list are IPsec implementers but are mostly or completely silent on the mailing list. If you are one of those people, doing a WG Last Call review is a good way to participate usefully in the WG. Please strongly consider (a) reading the current draft and (b) sending a message to the list with your short or long review. If there are too few reviews on this document, we could get pushback from the IESG about the document.
> --Paul Hoffman