[secdir] Review of draft-merkle-tls-brainpool-03

Simon Josefsson <simon@josefsson.org> Fri, 05 July 2013 13:20 UTC

Date: Fri, 5 Jul 2013 00:42:18 +0200
From: Simon Josefsson <simon@josefsson.org>
To: iesg@ietf.org, secdir@ietf.org, draft-merkle-tls-brainpool.all@tools.ietf.org
Message-ID: <20130705004218.233f8942@latte.josefsson.org>
Subject: [secdir] Review of draft-merkle-tls-brainpool-03

I have reviewed draft-merkle-tls-brainpool-03 and consider the document
to be "Ready with nits".  I support its publication.

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I haven't verified the test vectors, but as an implementer I'm happy
that they are present and they improve the credibility of the draft.

I believe the document would be improved by addressing the suggestions
below, but these comments are not critical.


When I read the document, it seems to be missing its "gut".  There is
one section "Introduction" and then you would expect the actual
specification.  But instead comes the Security Considerations and the
rest of the usual IETF boilerplate.  The contribution of this document
is hidden in the IANA Considerations.

In particular, there is no TLS presentation language of the new fields.

Adding new TLS enum types is done by several other documents, and they
usually contain a bit more detail.  Compare how RFC5878 introduces new
enum types in section 2.  For an alternative approach, look at how
RFC6042 introduces new enum types.

Further, I feel it is more appropriate to put the comment about DTLS
compatibility in this new section rather than in the IANA

I would propose to add a new section after "Introduction":

2. Brainpool NamedCurve Types

This document adds three new NamedCurve types as follows.

        enum {
        } NamedCurve;

These curves are suitable for use with DTLS [RFC6347].
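To make concrete what the missing presentation language pins down, here is an added example (not from the draft or this review) of how NamedCurve values travel on the wire in the elliptic_curves extension of RFC 4492, as uint16 code points inside a length-prefixed list, and how a peer that does not know a code point simply skips it. The Brainpool code points 26, 27 and 28 are assumed here; they are the values IANA later registered for these curves in RFC 7027.

```python
"""NamedCurve on the wire (RFC 4492 elliptic_curves extension), extended
with the Brainpool curves.  Constructed example; the Brainpool code points
are assumed to be the ones later registered in RFC 7027."""
import struct

# NamedCurve is a uint16 in TLS presentation language.
NAMED_CURVE = {
    23: "secp256r1",
    24: "secp384r1",
    25: "secp521r1",
    26: "brainpoolP256r1",   # assumed: RFC 7027 value
    27: "brainpoolP384r1",   # assumed: RFC 7027 value
    28: "brainpoolP512r1",   # assumed: RFC 7027 value
}
BRAINPOOL = {26, 27, 28}


def encode_elliptic_curves(curves):
    """Build the extension body: NamedCurve elliptic_curve_list<1..2^16-1>,
    i.e. a 2-byte length followed by 2 bytes per curve."""
    body = b"".join(struct.pack("!H", c) for c in curves)
    return struct.pack("!H", len(body)) + body


def decode_elliptic_curves(data):
    """Parse the extension body back into a list of code points.
    Length mismatches are rejected rather than silently truncated."""
    if len(data) < 2:
        raise ValueError("extension body too short for length field")
    (length,) = struct.unpack("!H", data[:2])
    if length == 0 or length % 2 != 0 or len(data) != 2 + length:
        raise ValueError("elliptic_curves list length mismatch")
    return list(struct.unpack("!%dH" % (length // 2), data[2:]))


def select_curve(client_curves, server_supported):
    """Return the first client-preferred curve the server also supports.
    Code points the server does not recognise are ignored, which is how a
    server predating the Brainpool registration treats 26..28."""
    for c in client_curves:
        if c in server_supported:
            return c
    return None


if __name__ == "__main__":
    wire = encode_elliptic_curves([26, 23])
    offered = decode_elliptic_curves(wire)
    print([NAMED_CURVE[c] for c in offered], select_curve(offered, {23, 26}))
```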


In section 1, remove a whitespace after the RFC5480 citation.  It
causes a comma to appear standalone.

   certificates according to [RFC3279] and [RFC5480] , their negotiation
   certificates according to [RFC3279] and [RFC5480], their negotiation