Return-Path: <prvs=205554f640=jherzog@ll.mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
 with ESMTP id EDBED3A6EDF; Tue, 15 Mar 2011 14:06:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.847
X-Spam-Level: 
X-Spam-Status: No, score=-5.847 tagged_above=-999 required=5 tests=[AWL=0.000,
 BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_OBFU_ALL=0.751,
 UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QT5PgFIZ19FB;
 Tue, 15 Mar 2011 14:06:40 -0700 (PDT)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by
 core3.amsl.com (Postfix) with ESMTP id C67303A6EC5;
 Tue, 15 Mar 2011 14:06:39 -0700 (PDT)
Received: from LLE2K7-HUB02.mitll.ad.local (LLE2K7-HUB02.mitll.ad.local) by
 mx2.ll.mit.edu (unknown) with ESMTP id p2FL81YI029488;
 Tue, 15 Mar 2011 17:08:01 -0400
From: "Herzog, Jonathan - 0668 - MITLL" <jherzog@ll.mit.edu>
To: David McGrew <mcgrew@cisco.com>
Date: Tue, 15 Mar 2011 17:07:59 -0400
Thread-Topic: [secdir] Secdir review of draft-herzog-static-ecdh-05
Thread-Index: AcvjVRFCCT07luIDT8uLmx35Y39lBQ==
Message-ID: <9BD7FA82-120B-4433-9EB0-7249C06F6852@ll.mit.edu>
References: <D858A225-D1D1-497D-BA40-A66D3F55AD57@cisco.com>
 <552BBAA9-712F-49B4-8A5F-C671C3817C05@ll.mit.edu>
 <AA323705-436C-4B71-8B51-D2CA9E4E140C@cisco.com>
 <47CF9528-81A1-49D7-8D4B-B1DCC136581E@ll.mit.edu>
 <3E69AF7B-D325-4FC5-A003-FEBA1997D67E@cisco.com>
 <FFD02A42-A10C-4AE7-A763-5C2D1E1DFADA@ll.mit.edu>
 <65D56695-894D-458E-A9C4-6DCF6A38F196@cisco.com>
 <29C1F1D5-6EF0-4055-BA88-03F03E3F0A84@ll.mit.edu>
 <A2B7EC12-25AA-4D0A-ACA3-A5E67C14E596@cisco.com>
 <63667400-81DF-438E-869F-247222DECA18@ll.mit.edu>
In-Reply-To: <63667400-81DF-438E-869F-247222DECA18@ll.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: multipart/signed; boundary="Apple-Mail-56--206467168";
 protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.2.15, 1.0.148,
 0.0.0000 definitions=2011-03-15_03:2011-03-14, 2011-03-15,
 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0
 ipscore=0 suspectscore=8 phishscore=0 bulkscore=0 adultscore=0
 classifier=spam adjust=0 reason=mlx engine=5.0.0-1012030000
 definitions=main-1103150154
X-Mailman-Approved-At: Mon, 21 Mar 2011 08:27:18 -0700
Cc: "secdir@ietf.org" <secdir@ietf.org>,
 "draft-herzog-static-ecdh@tools.ietf.org"
 <draft-herzog-static-ecdh@tools.ietf.org>,
 "iesg@ietf.org IESG" <iesg@ietf.org>
Subject: Re: [secdir] Secdir review of draft-herzog-static-ecdh-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>,
 <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>,
 <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2011 21:06:41 -0000

--Apple-Mail-56--206467168
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On Mar 10, 2011, at 3:41 PM, Herzog, Jonathan - 0668 - MITLL wrote:
>=20
> From: "Herzog, Jonathan - 0668 - MITLL" <jherzog@ll.mit.edu>
> Date: March 10, 2011 3:41:52 PM EST
> To: David McGrew <mcgrew@cisco.com>
> Cc: Brian Weis <bew@cisco.com>, =
"draft-herzog-static-ecdh@tools.ietf.org" =
<draft-herzog-static-ecdh@tools.ietf.org>, "iesg@ietf.org" =
<iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
> Subject: Re: [secdir] Secdir review of draft-herzog-static-ecdh-05
>=20
>=20
>=20
> On Mar 10, 2011, at 1:12 PM, David McGrew wrote:
>>=20
>>=20
>>>=20
>>> However, SP800-56A does define cofactor ECDH. So let me propose the =20=

>>> following citation scheme:
>>>=20
>>> * ECDH in general: RFC 6090
>>> * Standard ECDH: RFC 6090
>>> * Co-factor Diffie-Hellman: SP 800-56A, Section 5.7.1.2
>>> * Full public-key validation: SP800-56A, Section 5.6.2.5
>>> * Partial public-key validation: SP800-56A: Section 5.6.2.6
>>> * Key-derivation function... still working on it.
>>>=20
>>> Thoughts?
>>=20
>> That looks good to me.  Let me know if I can help with the KDF.
>=20
>=20
> I'd appreciate it, thanks. One of the goals of this draft is to remain =
as compatible with RFC 5753 as possible, so as to impact implementations =
as little as possible. RFC 5753, for its part, specifies the KDF in =
SEC1. And the KDF in SEC1 is just the 'simple hash function construct =
described in ANSI X9.63'. So, do you think I can cite X9.63 as the =
normative reference? And if so, what are your thoughts on citing SEC1 as =
an informative reference for this KDF? SEC1 is, after all, freely =
available on the web.
>=20
> (Note: I'm still chasing down the ANSI spec to ensure that it does, in =
fact, match the description in SEC1.)

Just to follow up on this: I got the X9.63 spec and checked its KDF. =
It's the same as the one in SEC1. Some very very minor differences in =
the description, but it's the same KDF.

Thanks.

--=20
Jonathan Herzog							voice:  =
(781) 981-2356
Technical Staff							fax:    =
(781) 981-7687
Cyber Systems and Technology Group		email:  =
jherzog@ll.mit.edu
MIT Lincoln Laboratory               			www:    =
http://www.ll.mit.edu/CST/
244 Wood Street   =20
Lexington, MA 02420-9185


--Apple-Mail-56--206467168
Content-Disposition: attachment; filename="smime.p7s"
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJrzCCBNIw
ggO6oAMCAQICChVM3JYAAAAAIh8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCVVMxHzAdBgNV
BAoTFk1JVCBMaW5jb2xuIExhYm9yYXRvcnkxDDAKBgNVBAsTA1BLSTETMBEGA1UEAxMKTUlUTEwg
Q0EtMTAeFw0xMDA1MjUyMDQ1MzhaFw0xMTA1MjUyMDQ1MzhaMGQxCzAJBgNVBAYTAlVTMR8wHQYD
VQQKExZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQ8wDQYDVQQLEwZQZW9wbGUxIzAhBgNVBAMTGkhl
cnpvZy5Kb25hdGhhbi5DLjUwMDExMzA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
93mr5a6zq6EQsVtIX9BadxwzpjabF8pvDmoMSP/ZhbWrncNJ1j7xiBGcihYqsDaQz9+hJITxi7IM
NUx5fnFtOQRHZgkOCLR1URFc0AlJ3Pknv6XoQ4fqPODmSMB882c9l/8AbO7N/27r8n/V0Ip4Rpw8
1qnrDXk6UH/1zHlssGmlVng0RSREuQy98xPxzbLr5cOMWLwHs5OLNYcGv0KlD6rp1DPzJ3qplU/+
0P2jyYbGyXStJ/h+3Kx5mOWFLB4j8HDyLG90ZHlZjZXo9FrSoFubVJK/mdVzIuXd00Ldl1fCyxhR
D9elkpTc7xOLJsEzCCi8Gqo6eQuvz1RH93u3PwIDAQABo4IBlzCCAZMwDgYDVR0PAQH/BAQDAgbA
MB0GA1UdDgQWBBRPjG6+CxR6H/o9vyq5PgmW9vmuajAfBgNVHSMEGDAWgBSUWsZYybYmm6AJe6gv
ZJDDiQJuKjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmxsLm1pdC5lZHUvZ2V0Y3JsL0xM
Q0ExMGIGCCsGAQUFBwEBBFYwVDAtBggrBgEFBQcwAoYhaHR0cDovL2NybC5sbC5taXQuZWR1L2dl
dHRvL0xMQ0ExMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5sbC5taXQuZWR1LzAMBgNVHRMBAf8E
AjAAMD0GCSsGAQQBgjcVBwQwMC4GJisGAQQBgjcVCIOD5R2H7Kdmhq2HFYPq8EWFtqEfHYXL3jKH
/4pzAgFkAgEFMCIGA1UdJQEB/wQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMMMBgGA1UdIAQRMA8w
DQYLKoZIhvcSAgEDAQgwHQYDVR0RBBYwFIESamhlcnpvZ0BsbC5taXQuZWR1MA0GCSqGSIb3DQEB
BQUAA4IBAQBI6aoe1c6Glzs3Hh/lIzf2TzmtZSQLl8UZaIFGi0zG0EjsO6wjX6bfv/WizE30OEef
6So76p0dNt7j21lrH+FGaH6r41ggikbkoazNkAePsQk0WPZhmpus1rByNUozK4KMPpzLAynHNd5m
POtqoIwDiTEgktLuZ1nwU7bUHmv7BO14dkhLhMOFKRCIi3vqe9rDh9pTYt1YNhQe1fBme6Y5DWLA
TxBBqErz05e7rVngKi6yk6j7cqWpiM6L93z2Zq5p9FqACsJHmMwxH/8XFeeXgFf/CKMAIuSZCGFU
29ouEZWL7LLu87SFGm3f/3sLS7xgXei7d/PlXte1HKKdKOCPMIIE1TCCA72gAwIBAgIKFU5e0QAA
AAAiIDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4g
TGFib3JhdG9yeTEMMAoGA1UECxMDUEtJMRMwEQYDVQQDEwpNSVRMTCBDQS0xMB4XDTEwMDUyNTIw
NDcxN1oXDTExMDUyNTIwNDcxN1owZDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFk1JVCBMaW5jb2xu
IExhYm9yYXRvcnkxDzANBgNVBAsTBlBlb3BsZTEjMCEGA1UEAxMaSGVyem9nLkpvbmF0aGFuLkMu
NTAwMTEzMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtC8sNdkCteQagOVEnQQs4
5uLqsmaOfjqTywNWuvaVj0F8Jsek8bOcuK4rlB1PrBk0Q+s/N4FVcGEn6BEDWRIDFaETVr1jweTE
yRUtqngTIvpbpeixV37BcFkVnbV2VrZC5oaa0c0bkxXkuE0lohQS5AIBXQRADEJVnfXIM44yvsmo
T7J5rdGwjIg4QJ2YA07po0JkbndcylcjU0zW2Lv432MEZrX/o+T0rraFAhT8A+8De9CIo0LJkXCK
cNwk6LwuNKQS0qeezDo5wRiqZaht3ftiAuOImOxN44hxnDa2cHVbOFQ+pevN08gH7d39CVHUbHMC
PnuIBoQNu61I2+ItAgMBAAGjggGaMIIBljAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFEuYUJcI
JTs8b2SWTJN28DD/qqsNMB8GA1UdIwQYMBaAFJRaxljJtiaboAl7qC9kkMOJAm4qMDMGA1UdHwQs
MCowKKAmoCSGImh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXRjcmwvTExDQTEwYgYIKwYBBQUHAQEE
VjBUMC0GCCsGAQUFBzAChiFodHRwOi8vY3JsLmxsLm1pdC5lZHUvZ2V0dG8vTExDQTEwIwYIKwYB
BQUHMAGGF2h0dHA6Ly9vY3NwLmxsLm1pdC5lZHUvMAwGA1UdEwEB/wQCMAAwPQYJKwYBBAGCNxUH
BDAwLgYmKwYBBAGCNxUIg4PlHYfsp2aGrYcVg+rwRYW2oR8dhevQcIPr7SACAWQCAQQwJQYDVR0l
BB4wHAYEVR0lAAYIKwYBBQUHAwQGCisGAQQBgjcKAwQwGAYDVR0gBBEwDzANBgsqhkiG9xICAQMB
CDAdBgNVHREEFjAUgRJqaGVyem9nQGxsLm1pdC5lZHUwDQYJKoZIhvcNAQEFBQADggEBAAmf5m3W
0Di4aQhLS1e2xejG3MQPQJvWL3dHbnHYG+NDVFWcuqyE5t73eb7nV2UyGRVHDt6MyIquedAPPm86
FSPZ6CUGGj5imp9pAu7C+xESBMY4z0k5htK/h5vlSB9X/i3JbXI8KBOioH1QYenMfrvTISmk/+5A
BHsMDOpK7//bX66DP+iopoIiWJktY+dfiak7uTZhuYEOmICq4QlP9dDqdPiQGje4Y8xZ45YL6+2I
m5GIzuIac/r51YTBuCk+TxTZIITMx+Fr50Ur6s4dOnvApxMR7iZX6oKnmVfXrjFMMQxR1TN5ISUn
IoMyID3yCiInqQh6G3WPCAhwa/qG/moxggLJMIICxQIBATBfMFExCzAJBgNVBAYTAlVTMR8wHQYD
VQQKExZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLEwNQS0kxEzARBgNVBAMTCk1JVExM
IENBLTECChVM3JYAAAAAIh8wCQYFKw4DAhoFAKCCAT8wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMTEwMzE1MjEwNzYwWjAjBgkqhkiG9w0BCQQxFgQUHHhDhJ++MzDx
3LOcCnwv/j6GE2kwbgYJKwYBBAGCNxAEMWEwXzBRMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlU
IExpbmNvbG4gTGFib3JhdG9yeTEMMAoGA1UECxMDUEtJMRMwEQYDVQQDEwpNSVRMTCBDQS0xAgoV
Tl7RAAAAACIgMHAGCyqGSIb3DQEJEAILMWGgXzBRMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlU
IExpbmNvbG4gTGFib3JhdG9yeTEMMAoGA1UECxMDUEtJMRMwEQYDVQQDEwpNSVRMTCBDQS0xAgoV
Tl7RAAAAACIgMA0GCSqGSIb3DQEBAQUABIIBABtcxKYiEufgdDFZHcf78g5SUIj+MKwgajeHHRJ3
YrK5h1VklQYkg6rn11nV27+3DLd7/Y8WsNfxzVbVMLKQaGXFtHvEqaDDTgpTI4cXNCKvboYkUd7X
5aUwVc/EOQK28moJ/TKZfjSTEGHJnfv+nTTGPR0R/0hgGNt22gjgiDKNN4gh2uS53qgVpblaqT7c
uOGX2RbNmOtTB9j0UxRJWXFYL2Q4hWzbIkRKe/Q+CeNwR2A9nbb6Yi0KWkL4kRaLp6z2NeyU34Sm
128yqcYpELxbwMhJQNjkbAkVVZAg1PMbI8OFx5dDxNqqpqM7z6SoMv5X7xHADq6jta8+tDyJj9oA
AAAAAAA=

--Apple-Mail-56--206467168--