[secdir] Review of draft-merkle-tls-brainpool-03
Simon Josefsson <simon@josefsson.org> Fri, 05 July 2013 13:20 UTC
Date: Fri, 05 Jul 2013 00:42:18 +0200
From: Simon Josefsson <simon@josefsson.org>
To: iesg@ietf.org, secdir@ietf.org, draft-merkle-tls-brainpool.all@tools.ietf.org
Message-ID: <20130705004218.233f8942@latte.josefsson.org>

I have reviewed draft-merkle-tls-brainpool-03 and consider the document to be "Ready with nits". I support its publication.

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I haven't verified the test vectors, but as an implementer I'm happy that they are present and they improve the credibility of the draft.

I believe the document would be improved by addressing the suggestions below, but these comments are not critical.

1) When I read the document, it seems to be missing its "gut". There is one section "Introduction" and then you would expect the actual specification. But instead comes the Security Considerations and the rest of the usual IETF boiler plate. The contribution of this document is hidden in the IANA Considerations. In particular, there is no TLS presentation language of the new fields.

Adding new TLS enum types is done by several other documents, and they usually contain a bit more detail. Compare how RFC5878 introduces new enum types in section 2. For an alternative approach, look at how rfc6042 introduces new enum types.

Further, I feel it is more appropriate to put the comment about DTLS compatibility in this new section rather than in the IANA Considerations.

I would propose to add a new section after "Introduction":

--->>>
2. Brainpool NamedCurve Types

   This document adds three new NamedCurve types as follows.

      enum {
           brainpoolP256r1(TBD1),
           brainpoolP384r1(TBD2),
           brainpoolP512r1(TBD3)
      } NamedCurve;

   These curves are suitable for use with DTLS [RFC6347].
<<<---

2) In section 1, remove a whitespace after the RFC5480 citation. It causes a comma to appear standalone.

OLD:
   certificates according to [RFC3279] and [RFC5480] , their negotiation

NEW:
   certificates according to [RFC3279] and [RFC5480], their negotiation

/Simon