[Ietf-krb-wg] AD review of draft-ietf-krb-wg-camellia-cts
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 07 September 2012 13:00 UTC
Hi all,

My AD review of this is below. Thanks for a nice and nicely-short document!

The only thing that I'd like before I start IETF LC is an answer on the IPR question at the top (or a discussion about that if need be). All the other stuff can be considered along with other IETF LC comments.

Cheers,
S.

- The IPR declaration (#1304) is noted in the write-up but not specifically associated with this draft, so it wouldn't show up so easily for reviewers but I can call that out specifically in the IETF LC message, but there is another issue: that declaration refers for example to things that are required for compliance with a standard. However, the wg are proposing this as informational, so it may be less clear to IETF LC reviewers if the terms in the declaration apply or not. Did the WG consider that difference when deciding to go for informational?

(Note: In some cases, when we've told folks who made declarations about this ambiguity they've been happy to modify the language. I don't know if that applies here or not and of course we cannot force anyone to use specific language in their declarations, but letting IPR holders know about it can help.)

- I think section 5 needs to say that the output of CMAC is 128 bits regardless of key size. At present that's only explicitly stated in the IANA considerations and is implicit in the security considerations and the samples. You could add something like "For this specification, the CMAC Tlen is set to 128 bits, that is, checksums are 128 bits long, regardless of the key length."

- section 6 could do with a reference to the section of whatever RFC says these are the parameters you need. I guess that's [1], if so, the ordering is a little different here - keeping the same order would have helped me a little to check that nothing's missing.

[1] http://tools.ietf.org/html/rfc3961#section-3

- section 6: 3961 says some things take UTF-8 as input but you never mentioned UTF-8 here at all, do you need to?

- Side note: while I'm not keen myself on ciphersuite proliferation, when a wg wants it, as in this case, it's not my job to get in the way, especially when the wg have specifically considered that aspect as you have here in deciding that you want this as informational and not standards-track. (I'm just saying this in case someone says to me later: "but you said Camellia was ok." ;-)

nits:

- section 2: "The Camellia key space is dense" that's either a non-trivial statement (in which case a reference would be good) or else is trivial, in which case maybe just get rid of it as it might confuse. (Even nittier nit: s/random octet string/octet strings/)

- section 3 has an implicit pointer to section 4, where KDF-FEEDBACK-CMAC is defined. Maybe add a pointer or swap the order of sections 3 & 4.

- please say somewhere that "|" means catenation. (Personally I prefer "||" but whatever.)

- section 6: are the en/de-cryption functions sufficiently well specified that a coder can work from just this? I'm guessing they are ok, but be nice to know if that's happened.

- In cross-checking section 6 with 3961 section 3 I wasn't sure that the "string-to-key parameter format" that needs to be specified is clearly specified. (Note: I just did a mechanical check that the things called for by 3961 are present, I didn't really dive into it fully.)