[IPsec] AD review of draft-ietf-ipsecme-dh-checks

Sean Turner <turners@ieca.com> Tue, 30 April 2013 13:39 UTC

Message-ID: <517FC98D.2020201@ieca.com>
Date: Tue, 30 Apr 2013 07:39:25 -0600
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: ipsec@ietf.org, draft-ietf-ipsecme-dh-checks@tools.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [IPsec] AD review of draft-ietf-ipsecme-dh-checks

Nicely written; that makes it so much easier to review.  Thanks.

My comments in no particular order:

1. This document updates RFC 5996.  I know one of my fellow ADs will ask 
why this is an update before they get to s2.  Can we add something to 
the introduction that says "This document updates RFC 5996 by providing 
new requirements for all IKEv2 implementations" or something like that?

2. s1/s3 indicates parts are taken from RFC 2412.  Did you ask Hilarie 
if she was willing to grant you rights to publish under the current 
IETF TLP in order to avoid including the pre-5378 boilerplate?  In a 
nutshell, if you copy text from an RFC before RFC 5378 you gotta ask. 
If you don't get an answer you need to include some additional 
boilerplate that says the draft includes pre-5378 text.  All you need do 
is send her a message (I'd try ho@alum.mit.edu) explaining the situation 
and asking if she'd be willing to grant rights under the TLP 
(http://trustee.ietf.org/license-info/).  Just forward the response to 
me so I know it was done.  If you'd rather not bother that's okay, but 
then you need to add the following to the end of the copyright notice section:

This document may contain material from IETF Documents or IETF 
Contributions published or made publicly available before November 10, 
2008. The person(s) controlling the copyright in some of this material 
may not have granted the IETF Trust the right to allow modifications of 
such material outside the IETF Standards Process.  Without obtaining an 
adequate license from the person(s) controlling the copyright in such 
materials, this document may not be modified outside the IETF Standards 
Process, and derivative works of it may not be created outside the IETF 
Standards Process, except to format it for publication as an RFC or to 
translate it into languages other than English.

3. s2.3: RFC 5114 uses y^2 = x^3 + ax + b (mod p) instead of y**2 = x**3 
+ ax + b mod p; maybe best to stick with what's there or explain 
that it's different.

4. s1: r/elliptic curve groups/Elliptic Curve (EC) groups
   the term gets used later so you might as well introduce it early on

5. s3: r/ECC groups/EC groups or change it in s1 to match this section

6. s2.3/3: Seems like in s3 you added "*" to signify multiplication; 
should you also do that in s2.3 to keep them consistent?

7. Please don't forget to incorporate Johannes' suggestion.
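The curve equation quoted in item 3, y^2 = x^3 + ax + b (mod p), is the test a receiver applies to a peer's EC Diffie-Hellman public value before using it. The following Python is an added example, not code or text from the review above or from the draft: it checks that a received (x, y) lies on the curve and rejects coordinates outside [0, p-1] instead of reducing them. The P-256 constants are the standard ones; the curve over F_17 and the sample inputs are constructed for a hand-checkable case, and the fixed-width big-endian x||y encoding assumed by decode_public_value is an assumption of this example, not something the page states.

```python
# Added example, not text or code from the draft under review: validate a
# peer's elliptic-curve Diffie-Hellman public value against the curve
# equation y^2 = x^3 + ax + b (mod p) before using it.
# P-256 parameters are the standard ones; the small curve over F_17 is a
# constructed toy so the arithmetic can be checked by hand.
from dataclasses import dataclass


@dataclass(frozen=True)
class PrimeCurve:
    """Short Weierstrass curve y^2 = x^3 + ax + b over the prime field F_p."""
    name: str
    p: int
    a: int
    b: int

    @property
    def coord_len(self) -> int:
        """Bytes needed for one fixed-width coordinate (ceil(bitlen(p)/8))."""
        return (self.p.bit_length() + 7) // 8


P256 = PrimeCurve(
    "P-256",
    p=0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff,
    a=0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc,
    b=0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
)
# Base point G of P-256 (a point known to be on the curve).
P256_G = (
    0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
    0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5,
)

# Constructed toy curve: y^2 = x^3 + 2x + 2 over F_17 (not a real group choice).
TOY = PrimeCurve("toy-F17", p=17, a=2, b=2)


def on_curve(curve: PrimeCurve, x: int, y: int) -> bool:
    """True iff (x, y) is an affine point satisfying the curve equation.

    Coordinates outside [0, p-1] are rejected rather than reduced mod p:
    such a value is not well formed, and reducing it would let the check
    pass on inputs it is meant to catch.
    """
    p = curve.p
    if not (0 <= x < p and 0 <= y < p):
        return False
    lhs = (y * y) % p
    rhs = (pow(x, 3, p) + curve.a * x + curve.b) % p
    return lhs == rhs


def decode_public_value(curve: PrimeCurve, ke: bytes) -> tuple[int, int]:
    """Split a fixed-width big-endian x||y encoding into coordinates.

    Assumption for this example: each coordinate occupies exactly
    curve.coord_len bytes and there is no leading format byte.
    """
    n = curve.coord_len
    if len(ke) != 2 * n:
        raise ValueError(f"expected {2 * n} bytes for {curve.name}, got {len(ke)}")
    return int.from_bytes(ke[:n], "big"), int.from_bytes(ke[n:], "big")


def encode_point(curve: PrimeCurve, x: int, y: int) -> bytes:
    """Inverse of decode_public_value; used here to build sample inputs."""
    n = curve.coord_len
    return x.to_bytes(n, "big") + y.to_bytes(n, "big")


def validate_ke_payload(curve: PrimeCurve, ke: bytes) -> bool:
    """Decode and check a received public value; False means reject it."""
    try:
        x, y = decode_public_value(curve, ke)
    except ValueError:
        return False
    return on_curve(curve, x, y)


if __name__ == "__main__":
    print("P-256 generator on curve:", on_curve(P256, *P256_G))
    print("toy (5, 1) on curve:", on_curve(TOY, 5, 1))   # 125 + 10 + 2 = 137 = 1 mod 17
    print("toy (5, 2) on curve:", on_curve(TOY, 5, 2))   # 4 != 1
    tampered = encode_point(P256, P256_G[0], P256_G[1] + 1)
    print("tampered generator accepted:", validate_ke_payload(P256, tampered))
```

The range check comes before the field arithmetic on purpose: a coordinate of 22 on the F_17 toy curve reduces to 5 and would pass if reduced first, but the encoding only allows values below p, so it is rejected as malformed. The same function handles a real group (P-256) and the toy curve, so the toy case can be verified by hand while the real parameters exercise the code path actually used.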