[secdir] Secdir review of draft-ietf-curdle-dnskey-eddsa-02

Magnus Nyström <magnusn@gmail.com> Mon, 12 December 2016 01:44 UTC

Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44CF51279EB; Sun, 11 Dec 2016 17:44:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4EqLQsnV9nVG; Sun, 11 Dec 2016 17:44:19 -0800 (PST)
Received: from mail-yw0-x233.google.com (mail-yw0-x233.google.com [IPv6:2607:f8b0:4002:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD797129549; Sun, 11 Dec 2016 17:44:19 -0800 (PST)
Received: by mail-yw0-x233.google.com with SMTP id t125so54380414ywc.1; Sun, 11 Dec 2016 17:44:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=E8zQJKiciD09nHBYEDQoR68lihvh69t9027H7iPZBH8=; b=vY4qnmSBVDjJQlpWZDfgZ1vYG3iOUr4e7vWxfeEgw0ZX85mEPdLjrdRnBWauyQO2i6 xwXr0BgVHx7eSP4NdSp2/8FT2Aihhp6xQQCkOBdIJFU87bn0JPk6ymgKLV7EkiXBufHo UDlQBEHhYsOGpANnsdGis2obJge2eQauZXmK8DaQB+yx+SEOfPzkvG1pknQyNR6mP7u6 Y8910YSJUrYGEX9ASyISSgCm9MKwYvn8v4Y5+ADi5gBKWvxGpE3q84UUkMBEJnMkcjiF WnyOQsmxzkAcfa4QbGcGNu58PqqgFvmnOEEyIBHeuU0BYrc0qRYjQxGf5oP/aILzHhX/ 7GJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=E8zQJKiciD09nHBYEDQoR68lihvh69t9027H7iPZBH8=; b=NbH+lzENLloJ0hNsJAaaagjN+6Psx7mc0AWjtQQZTjyxC8+0BA+W+1UkcoquTeRbaZ +ROnKQrDQ+xpWSjaay+9QLmD5sjSQkyrJAK2UsvSCqgRwQHycLeLFeTPQLtqJivwHH/b gtXA03PHCDHhcBCBVA5l8H5honHfmnULPTZEO/XfyXfwWBDrUNJ80DFA+thlY18/Uv9G 1bPYMak4dqI6g0FpS/MDDJJNgYRSRcfXplLppEBJJ3fYWYexKD7VIM76WZ7wSGt8gEGc +z2OdWjCMF9MY1H8s2ZJs+cJd0GR6kjGCQsdjIgJvQCvk7caxohZHVlLsgfXY9vVEuEl dEcQ==
X-Gm-Message-State: AKaTC00zjhaAo8Kibo1uh7wDxBkEw6lok5EoywEaXNO5mdVmP55wppGsrt7yBcc2uC35RnItr9WSQERQWjkBBQ==
X-Received: by 10.13.250.3 with SMTP id k3mr84786510ywf.276.1481507058837; Sun, 11 Dec 2016 17:44:18 -0800 (PST)
MIME-Version: 1.0
Received: by 10.37.195.195 with HTTP; Sun, 11 Dec 2016 17:44:18 -0800 (PST)
From: =?UTF-8?Q?Magnus_Nystr=C3=B6m?= <magnusn@gmail.com>
Date: Sun, 11 Dec 2016 17:44:18 -0800
Message-ID: <CADajj4aOGCi1nTzTSP4zAEf-3pa0M78pFj6Tw3QBLq-XuaABbA@mail.gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-curdle-dnskey-eddsa@ietf.org
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/HUOWX6N7pkHFwQJO9ssl34LTi9Q>
Subject: [secdir] Secdir review of draft-ietf-curdle-dnskey-eddsa-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Dec 2016 01:44:21 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes how to use two two specific Edwards Curves
(Elliptic Curves) in conjunction with DNSSEC, namely ed25519 and
ed448.

The only comment I have on this document is that the Security
Considerations section plainly states, without any reference or proof:

"Ed25519 and Ed448 offers improved security properties and
implementation characteristics compared to RSA and ECDSA algorithms"

I suggest either adding references to proofs of these statements or
alternatively just remove the sentence (since it doesn't really add
anything to the memo); the remaining paragraphs in the Security
Considerations section is what really covers what someone implementing
the memo should know or be aware of.

-- Magnus