Re: [saag] AD review of draft-iab-crypto-alg-agility-06

[Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>]

Hi,

Sent from my iPhone

> On Jul 17, 2015, at 7:18 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> Hiya,
> 
> Russ has asked me to start IETF last call for this draft and I
> plan to do that shortly. For WG drafts I usually post an AD
> review before doing so, and that's below. I don't think any of
> my comments need to be processed before starting LC so these
> should be considered along with other last call comments
> received.
> 
> Cheers,
> S.
> 
> [1] https://tools.ietf.org/html/draft-iab-crypto-alg-agility-06
> 
> 
> Don't be put off by the filename, this is being proposed for the
> IETF stream as a BCP.
> 
> intro, 3rd para: are we saying that agility is achieved when a
> protocol (specification) can easliy migrate from one suite to a
> better one, or when a deployment can easily migrate? The current
> text implies the former, but I'm not sure if we'd be better off
> aiming more for the latter.
> 
> 2.1: "Algorithm identifiers, on the other hand, impose a burden on
> implementations by forcing a determination at run-time regarding
> which algorithm combinations are acceptable." Here you mean IPsec
> style or chinese menu style alg ids. Do we need to make sure that
> alg id and suite id are used consistently throughout as one or the
> other but not both, and do we need a new term that means either? (I
> find this clear enough, but I'm not sure if it might confuse some
> readers.)
> 
> 2.3: "a mechanism is needed to determine whether the new algorithm
> has been deployed" I think that's overstated, maybe
> s/needed/desirable/ would be better?  (maybe with a bit more
> wordsmithing)
> 
> 2.4: The SHOULD for integrity only applies when the negotiation is
> done over the network, but some "selection" methods might not need
> protocol integrity mechanisms. Maybe drop "selection" there?
> 
> 2.4: Maybe join paras 2 and 3, para 2 alone reads a little oddly
> 
> 2.9: I'm not really a fan of blessing weaker algs for OS, but I lost
> that argument before. I wonder if we would get consensus if this
> said that weak algs are better than no encryption but still MUST be
> deprecated as soon as feasible?

I don't think we've really debated this enough to get consensus.  I don't think weaker algs fit into our agreed definitions for OS.  I just recall your debate with Pete on another draft, but think a wider debate is needed to see what the consensus is.  I don't think weaker algorithms should fit into the definition.

Best regards,
Kathleen
> 
> 3.1, 1st para: I think this could do with some more editing.
> 
> 3.2: "some people say" is a bit too weasel-wordy
> 
> 3.2: the second para here is repetition, I think you could delete
> all or almost all of that
> 
> 4: "eliminate the cruft" - yes, I like that:-)
> 
> general: there are some typos throughout, another pass to fix those
> would be good but I didn't have time to note them all sorry
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag