[secdir] review of draft-ietf-keyprov-symmetrickeyformat-07

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Sun, 25 April 2010 20:30 UTC

To: <secdir@ietf.org>, <iesg@ietf.org>, <draft-ietf-keyprov-symmetrickeyformat.all@tools.ietf.org>
Cc: draft-ietf-keyprov-pskc@tools.ietf.org

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The document defines an ASN.1 container for symmetric keys.  This seems
useful.  For the most part the document is clear.  I have the following
comments (I also copied the authors of draft-ietf-keyprov-pskc-05 since
some of the comments may pertain more to that document).

1. Is the sKey value encrypted or clear text?  

2. Section 3.2.12 Value MAC

It was not clear to me how this MAC was calculated.  What exactly does it
cover?  I assume it is the octet string in the sKey field in the
OneSymmetricKey sequence.  Does it include the ASN.1 encoding or not?

3. Why is section 4 necessary in
draft-ietf-keyprov-symmetrickeyformat-07 and not in
http://tools.ietf.org/html/draft-ietf-keyprov-pskc-05?  

Thanks,

Joe
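
Added example (not part of the original message or of the draft): comment 2 matters in practice because a MAC computed over the raw sKey octets differs from one computed over the DER-encoded OCTET STRING (tag and length included), so a sender and receiver that read the text differently will fail verification. HMAC-SHA-256, the sample key values and all function names are assumptions made for this sketch; the message does not state which MAC algorithm the draft uses.

```python
import hashlib
import hmac


def der_octet_string(value: bytes) -> bytes:
    """DER-encode `value` as an ASN.1 OCTET STRING (tag 0x04, definite length)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])                          # short-form length
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body    # long-form length
    return b"\x04" + length + value


def value_mac(mac_key: bytes, skey: bytes, include_encoding: bool) -> bytes:
    """MAC over sKey under one of the two readings raised in comment 2.

    HMAC-SHA-256 is an assumption for illustration only.
    """
    data = der_octet_string(skey) if include_encoding else skey
    return hmac.new(mac_key, data, hashlib.sha256).digest()


def interoperable(mac_key: bytes, skey: bytes,
                  sender_includes: bool, receiver_includes: bool) -> bool:
    """True if the receiver's recomputed MAC matches the sender's."""
    sent = value_mac(mac_key, skey, sender_includes)
    expected = value_mac(mac_key, skey, receiver_includes)
    return hmac.compare_digest(sent, expected)


# Constructed sample values, not taken from the draft.
MAC_KEY = bytes(range(32))
SKEY = bytes.fromhex("00112233445566778899aabbccddeeff")
LONG_SKEY = bytes(200)  # forces the long-form DER length

if __name__ == "__main__":
    print("raw sKey octets :", SKEY.hex())
    print("DER OCTET STRING:", der_octet_string(SKEY).hex())
    for s in (False, True):
        for r in (False, True):
            print(f"sender DER={s!s:5} receiver DER={r!s:5} ->",
                  "verifies" if interoperable(MAC_KEY, SKEY, s, r) else "MAC mismatch")
```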