[secdir] secdir review of draft-moriarty-pkcs5-v2dot1-01

"Xialiang (Frank)" <frank.xialiang@huawei.com> Wed, 31 August 2016 10:03 UTC

From: "Xialiang (Frank)" <frank.xialiang@huawei.com>
To: "'iesg@ietf.org'" <iesg@ietf.org>, "'secdir@ietf.org'" <secdir@ietf.org>, "draft-moriarty-pkcs5-v2dot1.all@tools.ietf.org" <draft-moriarty-pkcs5-v2dot1.all@tools.ietf.org>
Date: Wed, 31 Aug 2016 10:02:50 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F12AFB7711@SZXEMA502-MBS.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/GAhIMpkAbj4yxBIf6MKUlEmowJY>
Subject: [secdir] secdir review of draft-moriarty-pkcs5-v2dot1-01


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document provides recommendations for the implementation of password-based cryptography, covering key derivation functions, encryption schemes, message-authentication schemes, and ASN.1 syntax identifying the techniques. It is a republication of PKCS #5 v2.1 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series. By publishing this RFC, change control is transferred to the IETF.

In general, this draft is based on [RFC2898] (PKCS #5) and RSA's newly released PKCS #5 v2.1 specification, and includes some minor updates to them, so it has a solid security basis. Regarding the newly introduced content, no new security threats have been identified.

Summary: this document appears to be in reasonably good shape, with minor issues that should be addressed before publication.

Below are my comments and nits for your consideration.


Section 5.1
"S    salt, an eight-octet string": This sentence is not accurate. The salt used in the PBKDF1 algorithm should be an octet string of more than 8 bytes here;

Section 5.2
"applied to the password P and the concatenation of the salt S and the block index i:": this sentence does not seem clear enough to explain the following series of equations, for example:
1. How is "i" used in them?
2. How is the salt "S" used in them?
Could you please clarify this and make the text clearer?


1. PKCS #8 should have a reference to [PKCS8][RFC5958];
2. The second "-" in "password-based-key" should be removed;
3. If there is a PKCS #5 v2.1 specification, a reference to it should be added after "PKCS #5 V2.1";

Section 1
Please put a space between the last two words of "compatibletechniques.".

Section 2
"\xor" is missing before "bit-wise exclusive-or of two octet strings".

Section 5.1
"DK = Tc<0..dkLen-1>": Tc should be T_c.

Section 5.2
1. The title of Section 5.2 should be "PBKDF2";
2. A calculation equation is missing here: "F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c".

Section 6.1.1
The title of the Section should be "PBES1 Encryption Operation".

Appendix A.1
"for PBES1" should be changed to "for PBKDF1".
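To make explicit how the salt S and the block index i enter the Section 5.2 equations (and how DK = T_c<0..dkLen-1> is formed in Section 5.1), here is an added example: my own transcription of the PBKDF1 and PBKDF2 definitions from PKCS #5 / RFC 2898, not code from the draft or from RSA Laboratories. It assumes HMAC-SHA1 as the PRF and SHA-1 as the PBKDF1 hash; the function names are mine, and the check values are the RFC 6070 PBKDF2-HMAC-SHA1 test vectors.

```python
import hashlib
import hmac

# Added example, not code from the draft. Function names are the author's own.


def pbkdf1(password: bytes, salt: bytes, c: int, dk_len: int, hash_name: str = "sha1") -> bytes:
    """PBKDF1: T_1 = Hash(P || S), T_i = Hash(T_{i-1}), DK = T_c<0..dkLen-1>."""
    # The specification text defines S as an eight-octet string for PBKDF1.
    if len(salt) != 8:
        raise ValueError("PBKDF1 salt must be exactly eight octets")
    if dk_len > hashlib.new(hash_name).digest_size:
        raise ValueError("derived key too long")
    t = hashlib.new(hash_name, password + salt).digest()  # T_1 = Hash(P || S)
    for _ in range(1, c):                                  # T_2 .. T_c
        t = hashlib.new(hash_name, t).digest()
    return t[:dk_len]                                      # DK = T_c<0..dkLen-1>


def pbkdf2_f(password: bytes, salt: bytes, c: int, i: int, hash_name: str = "sha1") -> bytes:
    """F(P, S, c, i) = U_1 xor U_2 xor ... xor U_c, where
    U_1 = PRF(P, S || INT(i)) and U_j = PRF(P, U_{j-1}) for j > 1.
    S and i appear only in U_1: i is a 4-octet big-endian integer appended to S."""
    u = hmac.new(password, salt + i.to_bytes(4, "big"), hash_name).digest()  # U_1
    f = u
    for _ in range(1, c):                                  # U_2 .. U_c
        u = hmac.new(password, u, hash_name).digest()
        f = bytes(a ^ b for a, b in zip(f, u))            # running xor
    return f


def pbkdf2(password: bytes, salt: bytes, c: int, dk_len: int, hash_name: str = "sha1") -> bytes:
    """DK = T_1 || T_2 || ... || T_l<0..r-1>, with T_i = F(P, S, c, i)."""
    h_len = hashlib.new(hash_name).digest_size
    if dk_len > (2**32 - 1) * h_len:
        raise ValueError("derived key too long")
    l = -(-dk_len // h_len)                                # ceil(dkLen / hLen) blocks
    dk = b"".join(pbkdf2_f(password, salt, c, i, hash_name) for i in range(1, l + 1))
    return dk[:dk_len]                                     # drop the last r octets


def matches_stdlib(password: bytes, salt: bytes, c: int, dk_len: int, hash_name: str = "sha1") -> bool:
    """Cross-check the transcription against hashlib.pbkdf2_hmac."""
    return pbkdf2(password, salt, c, dk_len, hash_name) == hashlib.pbkdf2_hmac(
        hash_name, password, salt, c, dk_len)


if __name__ == "__main__":
    # Constructed inputs taken from the RFC 6070 test vectors.
    print(pbkdf2(b"password", b"salt", 4096, 20).hex())
```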