[karp] Gen-ART review of draft-ietf-karp-crypto-key-table-07

"Black, David" <david.black@emc.com> Thu, 25 April 2013 15:22 UTC

Return-Path: <david.black@emc.com>
X-Original-To: karp@ietfa.amsl.com
Delivered-To: karp@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id B5E5F21F93B1; Thu, 25 Apr 2013 08:22:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.847
X-Spam-Status: No, score=-99.847 tagged_above=-999 required=5 tests=[AWL=2.752, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id eybJpJaj9I7w; Thu, 25 Apr 2013 08:22:16 -0700 (PDT)
Received: from mexforward.lss.emc.com (hop-nat-141.emc.com []) by ietfa.amsl.com (Postfix) with ESMTP id 3D46121F92C0; Thu, 25 Apr 2013 08:22:10 -0700 (PDT)
Received: from hop04-l1d11-si02.isus.emc.com (HOP04-L1D11-SI02.isus.emc.com []) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id r3PFLt1U020302 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 25 Apr 2013 11:21:56 -0400
Received: from mailhub.lss.emc.com (mailhubhoprd01.lss.emc.com []) by hop04-l1d11-si02.isus.emc.com (RSA Interceptor); Thu, 25 Apr 2013 11:21:42 -0400
Received: from mxhub23.corp.emc.com (mxhub23.corp.emc.com []) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id r3PFLcj8012731; Thu, 25 Apr 2013 11:21:38 -0400
Received: from mx15a.corp.emc.com ([]) by mxhub23.corp.emc.com ([]) with mapi; Thu, 25 Apr 2013 11:21:37 -0400
From: "Black, David" <david.black@emc.com>
To: Russ Housley <housley@vigilsec.com>, "tim.polk@nist.gov" <tim.polk@nist.gov>, "hartmans@painless-security.com" <hartmans@painless-security.com>, "zhangdacheng@huawei.com" <zhangdacheng@huawei.com>, "gen-art@ietf.org" <gen-art@ietf.org>
Date: Thu, 25 Apr 2013 11:21:36 -0400
Thread-Topic: Gen-ART review of draft-ietf-karp-crypto-key-table-07
Thread-Index: Ac5ByJPFxMQV0ntvRsGIbN7yaluElA==
Message-ID: <8D3D17ACE214DC429325B2B98F3AE71293F3BD27@MX15A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Thu, 25 Apr 2013 08:53:05 -0700
Cc: "Black, David" <david.black@emc.com>, "ietf@ietf.org" <ietf@ietf.org>, "karp@ietf.org" <karp@ietf.org>
Subject: [karp] Gen-ART review of draft-ietf-karp-crypto-key-table-07
X-BeenThere: karp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion list for key management for routing and transport protocols <karp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/karp>, <mailto:karp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/karp>
List-Post: <mailto:karp@ietf.org>
List-Help: <mailto:karp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/karp>, <mailto:karp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Apr 2013 15:22:26 -0000

Document: draft-ietf-karp-crypto-key-table-07
Reviewer: David L. Black
Review Date: April 25, 2013
IETF LC End Date: April 29, 2013

Summary: This draft is on the right track, but has open issues
described in the review.

This draft describes a conceptual key database for use by protocols.
It's definitely useful and valuable work, as key management is often
an afterthought in protocol design, even when security functionality
is actively worked on in the design process.

The draft text is in good shape and reads cleanly, but the draft is
short on precision in specifying a number of the fields for the database,
and the IANA registries; most of the open issues are requests for the
level of precision needed for interoperability and reuse of database
implementation across different protocol implementations.

Major issues: 

(Section 2)

[1] LocalKeyName and PeerKeyName are strings.  What character set?
If Unicode (e.g., UTF-8?), add text on Unicode considerations (e.g.,
normalization).  Finding a Unicode expert will help in getting this
done quickly.  I have similar concerns for other strings, and in
particular, IANA should be told what a "string" is for any registry
field that contains one.

[2] I'm not sure that I understand what a KDF really is from its high
level description in this draft.  At the least, I'm surprised that the
importance of non-invertibility of a KDF is not mentioned - beyond that,
a functional description of inputs and outputs would help, including
a strong recommendation to inject unpredictable nonce material.  This
could be handled by referencing material on what a KDF is that exists

(Section 4)

[3] It's important that this section cover all the fields involved in
the database lookups in Section 3 whose format may be protocol-specific
(the Direction and various time fields aren't).  Protocol should be
covered by the IANA registry, peers and key names are covered here,
but interface appears to be missing - item (9) covers presence vs.
absence of interface information, but not its format.

--- Lots of issues with the IANA Considerations (Section 8)

(Section 8.1.1)

[5] No field format information for the fields in a registry entry.
IANA should be told what formats to expect/use.

[6] "Protocol Specific Values" is not the same as "ProtocolSpecificInfo"
in section 2; the same name should be used, but whitespace differences
are ok.

[7] Should some sort of formats for Peers and Interfaces be included in
registering a Protocol?  If not, the lookups in section 3 may be
implementation-dependent (strings that work w/one implementation may
not work w/other implementations of the same protocol).  The specification
reference may suffice based on the requirements in section 4
for what has to be in each referenced specification.

(Sections 8.2 and 8.3)

[8] No registry entry content descriptions.  Need to supply information
on what to register and the formats of the elements of a registry entry.

[9] I suggest Expert Review for these registries, not just 
First Come First Served, so that someone with a security "clue" can
check that the proposed registrations are reasonable.

Minor issues:

[A] Overall - I would like to see a paragraph added on how this database
conceptually relates to the IPsec Peer Authorization Database (PAD) -
see RFC 4301, section 4.4.3.

[B] (Section 2) Where is key size recorded?  Is that an implicit attribute
of Key?

[C] (Section 3) Where does key selection occur?  I would suggest that the
database return all possible keys and let the protocol figure out what to
use.  This is particularly important for inbound traffic for obvious reasons.

Nits/editorial comments:

I suggest dividing section 3 into
- 3.1 Outgoing Traffic
- 3.2 Incoming Traffic

idnits 2.12.16 found a truly trivial nit -
  == Line 76 has weird spacing: '...strains  where...'

David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
david.black@emc.com        Mobile: +1 (978) 394-7754