Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-ipsecme-qr-ikev2-09

"R. Atkinson" <rja.lists@gmail.com> Thu, 26 December 2019 19:16 UTC

From: "R. Atkinson" <rja.lists@gmail.com>
In-Reply-To: <70FA58C0-97E1-4F76-B88B-A28101A46069@mit.edu>
Date: Thu, 26 Dec 2019 14:16:47 -0500
Cc: secdir <secdir@ietf.org>, "draft-ietf-ipsecme-qr-ikev2.all@ietf.org" <draft-ietf-ipsecme-qr-ikev2.all@ietf.org>
Message-Id: <BAD11AD2-26C0-4DEE-8260-E6A0792589D7@gmail.com>
References: <02c101d5baef$de2cdd90$9a8698b0$@elvis.ru> <70FA58C0-97E1-4F76-B88B-A28101A46069@mit.edu>
To: last-call@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/HcetOQoqHixjORKyxPv-IpuujWY>
Subject: Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-ipsecme-qr-ikev2-09

In my experience, many countries other than the US also reference and use/follow many NIST specifications and many NIST recommendations/guidance.

Also, there is some non-governmental commercial pressure to follow NIST specifications, recommendations, & guidance.  For example, insurers of financial sector firms often write a requirement for the insured firm to at least be compliant with listed NIST specifications, recommendations, & guidance as part of the insurance (or re-insurance) policy for a bank, stock brokerage, or such like.

I am not certain, but I think the legal requirement in the US is limited to US Federal Government offices/agencies/departments other than the US Department of Defense.  For example, I do not think there are legal requirements for commercial firms or individual states to follow NIST specifications, recommendations, & guidance.  My understanding, possibly confused, is that US DoD writes its own guidance, at least on cryptographic matters.

Yours,

Ran

> On Dec 25, 2019, at 06:57, Uri Blumenthal <uri@mit.edu> wrote:
> 
> NIST standards are mandatory for a subset of US citizens. But enough of businesses outside the US pay attention to what NIST says to make adding the reference relevant and useful.
> 
>> On Dec 25, 2019, at 01:52, Valery Smyslov <svan@elvis.ru> wrote:
>> 
>> 
>> Hi Watson,
>>  
>> thank you for spending your time on this review on Christmas Eve.
>>  
>> The capitalization issue has already been noticed and fixed.
>>  
>> I’m not sure the draft should mention NIST levels, because 
>> they are relevant mostly for US customers. I think that 
>> generic recommendations on key sizes are more appropriate
>> for this document.
>>  
>> Regards,
>> Valery.
>>  
>> Damn misclick. I meant With Nits.
>>  
>> On Tue, Dec 24, 2019 at 8:02 PM Watson Ladd via Datatracker <noreply@ietf.org> wrote:
>> Reviewer: Watson Ladd
>> Review result: Not Ready
>> 
>> Twas the night before Christmas
>> when all through the house
>> someone was desperately trying to get a review done on time.
>> 
>> I didn't see anything wrong per se in the draft itself, but I found the
>> capitalization of quantum computer an odd choice. IKEv2 is a complicated
>> protocol, and I am not 100% sure that this draft does what we want it to: It
>> would be great if someone could check very carefully in some symbolic model,
>> à la what has been done in TLS. The guidance on sizes seems to rule out NIST
>> level 1, but not any higher levels: might be worth calling out this explicitly.
>> 
>> _______________________________________________
>> secdir mailing list
>> secdir@ietf.org
>> https://www.ietf.org/mailman/listinfo/secdir
>> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
>> 
>> 
>> -- 
>> "Man is born free, but everywhere he is in chains".
>> --Rousseau.
> -- 
> last-call mailing list
> last-call@ietf.org
> https://www.ietf.org/mailman/listinfo/last-call