Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-08

Greg Hudson <ghudson@mit.edu> Fri, 15 January 2016 17:26 UTC

To: Benjamin Kaduk <kaduk@mit.edu>, kitten@ietf.org
References: <alpine.GSO.1.10.1601060014510.26829@multics.mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <56992BA6.7040309@mit.edu>
Date: Fri, 15 Jan 2016 12:25:58 -0500
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/ZIi48oUvJkTW8n31-TS8oPbKxek>

I did another read-through of the draft.  I found some minor issues,
which I hope can be resolved without requiring another WGLC.

* There is no specification of how to read the string-to-key parameter.
 RFC 3962 says, "The parameter string is four octets indicating an
unsigned number in big-endian order," but this draft does not reference
the RFC 3962 string-to-key and just says "iter_count = string-to-key
parameter (default is decimal 32768 if not specified)".  I assume the
intent is to be consistent with RFC 3962.

* Section 5 says "specific key structure: three protocol-format keys: {
Kc, Ke, Ki }".  Kc, Ke, and Ki are not protocol-format keys; Kc and Ki
don't even have the same length for aes256.  I suggest "three derived keys."

* Section 8 says, "The salt and iteration count resist brute force and
dictionary attacks, however, it is still important to choose or generate
strong passphrases."  This is a run-on sentence; the comma preceding
"however" should be a semicolon.

* Section 8.1 says, "The string-to-key function as defined in [RFC3961]
requires the salt to be valid UTF-8 strings."  This sentence should end
with "a valid UTF-8 string."

* Section 8.1 says, "ktutil's add_entry command assumes the default
salt."  That might be too specific; I suggest "Some key table
manipulation programs assume the default salt when adding entries based
on passwords."
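As an added example (not code from Greg's message, the draft, or MIT krb5), this shows the string-to-key parameter read the way RFC 3962 specifies and the way the first point above assumes the draft intends: four octets holding an unsigned big-endian iteration count, defaulting to 32768 when absent. The enctype names, the PBKDF2 PRF per enctype, the saltp construction and the KDF-HMAC-SHA2 step are my reading of the draft's string-to-key and are assumptions here, not text quoted from this thread.

```python
import hashlib
import hmac
import struct

# Assumption: the parameter is interpreted as in RFC 3962 (4-octet big-endian
# unsigned iteration count); the default follows the draft's "decimal 32768".
DEFAULT_ITER_COUNT = 32768

# Assumed per-enctype parameters as read from the draft: PBKDF2/KDF PRF and key length (bytes).
ENCTYPES = {
    "aes128-cts-hmac-sha256-128": ("sha256", 16),
    "aes256-cts-hmac-sha384-192": ("sha384", 32),
}


def parse_s2k_params(params):
    """Return the iteration count from the string-to-key parameter octet string.

    None means the parameter was not specified, so the default applies.  A parameter
    of the wrong length or a zero count is rejected instead of being silently misread."""
    if params is None:
        return DEFAULT_ITER_COUNT
    if len(params) != 4:
        raise ValueError("string-to-key parameter must be exactly four octets")
    count = struct.unpack(">I", params)[0]
    if count == 0:
        raise ValueError("iteration count must be positive")
    return count


def kdf_hmac_sha2(key, label, k_bits, prf):
    """KDF-HMAC-SHA2 with no context: k-truncate(HMAC(key, 0x00000001 | label | 0x00 | k))."""
    msg = struct.pack(">I", 1) + label + b"\x00" + struct.pack(">I", k_bits)
    return hmac.new(key, msg, prf).digest()[: k_bits // 8]


def string_to_key(enctype, passphrase, salt, params=None):
    """Derive the base key from a passphrase, a salt (octets that must be valid UTF-8)
    and the optional string-to-key parameter."""
    prf, keylen = ENCTYPES[enctype]
    salt.decode("utf-8")  # section 8.1: the salt must be a valid UTF-8 string
    iter_count = parse_s2k_params(params)
    saltp = enctype.encode("ascii") + b"\x00" + salt
    tkey = hashlib.pbkdf2_hmac(prf, passphrase.encode("utf-8"), saltp, iter_count, keylen)
    return kdf_hmac_sha2(tkey, b"kerberos", keylen * 8, prf)
```

Compare the output against the draft's own test vectors before relying on this reading of the derivation.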