Re: [secdir] Secdir review of draft-herzog-static-ecdh-05

"Herzog, Jonathan - 0668 - MITLL" <jherzog@ll.mit.edu> Thu, 10 March 2011 20:40 UTC

Return-Path: <prvs=2050876065=jherzog@ll.mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BFA133A6A2F; Thu, 10 Mar 2011 12:40:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.847
X-Spam-Level:
X-Spam-Status: No, score=-5.847 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_OBFU_ALL=0.751, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zqY8onbFffYz; Thu, 10 Mar 2011 12:40:39 -0800 (PST)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by core3.amsl.com (Postfix) with ESMTP id C25A53A69F1; Thu, 10 Mar 2011 12:40:37 -0800 (PST)
Received: from LLE2K7-HUB02.mitll.ad.local (LLE2K7-HUB02.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id p2AKfr38006704; Thu, 10 Mar 2011 15:41:53 -0500
From: "Herzog, Jonathan - 0668 - MITLL" <jherzog@ll.mit.edu>
To: David McGrew <mcgrew@cisco.com>
Date: Thu, 10 Mar 2011 15:41:52 -0500
Thread-Topic: [secdir] Secdir review of draft-herzog-static-ecdh-05
Thread-Index: AcvfY5aiZDxPn8h4ScW7DlnSEoXROg==
Message-ID: <63667400-81DF-438E-869F-247222DECA18@ll.mit.edu>
References: <D858A225-D1D1-497D-BA40-A66D3F55AD57@cisco.com> <552BBAA9-712F-49B4-8A5F-C671C3817C05@ll.mit.edu> <AA323705-436C-4B71-8B51-D2CA9E4E140C@cisco.com> <47CF9528-81A1-49D7-8D4B-B1DCC136581E@ll.mit.edu> <3E69AF7B-D325-4FC5-A003-FEBA1997D67E@cisco.com> <FFD02A42-A10C-4AE7-A763-5C2D1E1DFADA@ll.mit.edu> <65D56695-894D-458E-A9C4-6DCF6A38F196@cisco.com> <29C1F1D5-6EF0-4055-BA88-03F03E3F0A84@ll.mit.edu> <A2B7EC12-25AA-4D0A-ACA3-A5E67C14E596@cisco.com>
In-Reply-To: <A2B7EC12-25AA-4D0A-ACA3-A5E67C14E596@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/signed; boundary="Apple-Mail-167--640034663"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.2.15, 1.0.148, 0.0.0000 definitions=2011-03-10_10:2011-03-10, 2011-03-10, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=8 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=5.0.0-1012030000 definitions=main-1103100151
X-Mailman-Approved-At: Fri, 11 Mar 2011 08:19:10 -0800
Cc: "secdir@ietf.org" <secdir@ietf.org>, "draft-herzog-static-ecdh@tools.ietf.org" <draft-herzog-static-ecdh@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [secdir] Secdir review of draft-herzog-static-ecdh-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2011 20:40:43 -0000

On Mar 10, 2011, at 1:12 PM, David McGrew wrote:
> 
> 
>> 
>> However, SP800-56A does define cofactor ECDH. So let me propose the  
>> following citation scheme:
>> 
>> * ECDH in general: RFC 6090
>> * Standard ECDH: RFC 6090
>> * Co-factor Diffie-Hellman: SP 800-56A, Section 5.7.1.2
>> * Full public-key validation: SP800-56A, Section 5.6.2.5
>> * Partial public-key validation: SP800-56A: Section 5.6.2.6
>> * Key-derivation function... still working on it.
>> 
>> Thoughts?
> 
> That looks good to me.  Let me know if I can help with the KDF.


I'd appreciate it, thanks. One of the goals of this draft is to remain as compatible with RFC 5753 as possible, so as to impact implementations as little as possible. RFC 5753, for its part, specifies the KDF in SEC1. And the KDF in SEC1 is just the 'simple hash function construct described in ANSI X9.63'. So, do you think I can cite X9.63 as the normative reference? And if so, what are your thoughts on citing SEC1 as an informative reference for this KDF? SEC1 is, after all, freely available on the web.

(Note: I'm still chasing down the ANSI spec to ensure that it does, in fact, match the description in SEC1.)

Thanks.

-- 
Jonathan Herzog							voice:  (781) 981-2356
Technical Staff							fax:    (781) 981-7687
Cyber Systems and Technology Group		email:  jherzog@ll.mit.edu
MIT Lincoln Laboratory               			www:    http://www.ll.mit.edu/CST/
244 Wood Street    
Lexington, MA 02420-9185