[Lwip] Paul Wouters' No Objection on draft-ietf-lwig-curve-representations-23: (with COMMENT)
Paul Wouters via Datatracker <noreply@ietf.org> Thu, 02 February 2023 13:19 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: lwip@ietf.org
Delivered-To: lwip@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A04BC14F730; Thu, 2 Feb 2023 05:19:08 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Paul Wouters via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-lwig-curve-representations@ietf.org, lwig-chairs@ietf.org, lwip@ietf.org, Mohit Sethi <mohit.m.sethi@ericsson.com>, mohit.m.sethi@ericsson.com
X-Test-IDTracker: no
X-IETF-IDTracker: 9.7.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Paul Wouters <paul.wouters@aiven.io>
Message-ID: <167534394835.57544.8641992452366713349@ietfa.amsl.com>
Date: Thu, 02 Feb 2023 05:19:08 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/Yb7qTWvI6_69U0E9e8bRXf461kY>
Subject: [Lwip] Paul Wouters' No Objection on draft-ietf-lwig-curve-representations-23: (with COMMENT)
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "Lightweight IP stack. Official mailing list for IETF LWIG Working Group." <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lwip/>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2023 13:19:08 -0000
Paul Wouters has entered the following ballot position for draft-ietf-lwig-curve-representations-23: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I fully support Roman's DISCUSS. I also agree with Lars, which is the reason I'm balloting No Objection. I feel the document is not telling the full story of the price to pay for this code re-use effort. After all, Section 10 and 12 is requesting code points JOSE / COSE, so this effort is not simply something that is limited in scope to implementaton details. There is a price to facilitate this. The reason I am not objecting to the code points, is that the registry defines a range for non-standard track "specification required" entries. But I agree with Roman that these entries cannot have "Recommended: Y". NOTE 2: At this point, it is unclear whether a FIPS-accredited module implementing the co-factor Diffie-Hellman scheme with, e.g., P-256 would also extend this accreditation to the Montgomery versions X25519+ or X25519. (For cryptographic module validation program guidance, see, e.g., [FIPS-140-2].) This note should be re-evaluated as it is based on FIPS-140-2 which was obsoleted by FIPS-140-3 about 4 years ago. If the note is still valid, the reference should be updated. Note that storage would have reduced to a single 64-byte table if only the Curve25519 curve would have been generated so as to be isomorphic to a Weierstrass curve with hardcoded a=-3 parameter (this corresponds to l=1). This feels like aimed at a discussion and/or implementer that is not in scope for this document. The Privacy Considerations text feels out of scope for this document. Open IANA Expert issue: Expert comments: OIDs have been approved. JOSE experts had approved version 12, but new reviews are pending. A COSE expert writes that he hasn't seen a detailed response to his February review and adds, "As I remember the overall conclusion the COSE WG meeting Feb 17 confirmed that registrations should follow current practice, and that, e.g., ES256K is an exception not to be followed."
- [Lwip] Paul Wouters' No Objection on draft-ietf-l… Paul Wouters via Datatracker