Re: [secdir] secdir review of draft-moonesamy-sshfp-ed25519-01

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Tue, 27 May 2014 04:37 UTC

From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: "<secdir@ietf.org>" <secdir@ietf.org>, "draft-moonesamy-sshfp-ed25519.all@tools.ietf.org" <draft-moonesamy-sshfp-ed25519.all@tools.ietf.org>, "iesg@ietf.org IESG" <iesg@ietf.org>
Thread-Topic: secdir review of draft-moonesamy-sshfp-ed25519-01
Date: Tue, 27 May 2014 04:37:45 +0000
Message-ID: <09CA9BB8-E476-40B3-BEB3-FA3BB20FDAA8@cisco.com>
References: <2ACBFFE4-BCEB-4F6D-A2D3-861BADF543DE@cisco.com>
In-Reply-To: <2ACBFFE4-BCEB-4F6D-A2D3-861BADF543DE@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/OwHPu_0c_QCYmBS3AhGJVRoeZSQ

<resending to include the IESG>
On May 26, 2014, at 9:35 PM, Joe Salowey <jsalowey@cisco.com> wrote:

> I have reviewed this document as part of the security directorate's 
> ongoing effort to review all IETF documents being processed by the 
> IESG.  These comments were written primarily for the benefit of the 
> security area directors.  Document editors and WG chairs should treat 
> these comments just like any other last call comments.
> 
> This document defines an SSHFP DNS record for the ED25519 signature algorithm.  The document is ready with issues:
> 
> 1)  This document describes how to store the fingerprint of a public key that can be used with the ed25519 signature algorithm.  I do not see any reference as to how to use the ed25519 signature algorithm in SSH.  Perhaps I am missing a reference somewhere, but it really seems that the use of the signature algorithm in SSH should be defined somewhere, preferably in an IETF document.  I do not see the point of publishing the SSHFP record document without some reference as to how it will be used.
> 
> 2)  The examples in RFC 6594 include the OpenSSH formatted key that is decoded and hashed to obtain the resulting fingerprint.  It would be better if the draft followed this aspect of 6594 and included the key used to generate the fingerprint.  
> 
> Joe
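The derivation Joe's second point asks the draft to show (take the OpenSSH-formatted key, base64-decode it to the SSH wire-format blob, hash the blob, publish the hex digest as the SSHFP fingerprint) is short enough to work through in code. The script below is an added example written for this archive page; it is not part of the thread, the draft, or RFC 6594. It decodes an `ssh-ed25519` public key line, checks that the blob really is a well-formed Ed25519 key before trusting it, emits the SSHFP RDATA in presentation format, and does the verifier-side comparison a client would perform against the published record. Two values are assumptions not present in the message: the SSHFP algorithm number 4 for Ed25519 (the value in the IANA SSHFP registry, assigned when this draft was published as RFC 7479) and the fingerprint type numbers 1 (SHA-1) and 2 (SHA-256) from RFC 6594. The 32 key bytes are constructed so the example runs offline; they are not a real Ed25519 public key.

```python
import base64
import hashlib
import hmac
import struct

# Assumed registry values (not from the message): SSHFP algorithm number for
# Ed25519 per the IANA SSHFP registry (RFC 7479), and fingerprint types from
# RFC 6594 (1 = SHA-1, 2 = SHA-256).
SSHFP_ALG_ED25519 = 4
SSHFP_FPTYPE = {1: hashlib.sha1, 2: hashlib.sha256}

ED25519_KEY_TYPE = b"ssh-ed25519"
ED25519_KEY_LEN = 32  # an Ed25519 public key is a 32-byte encoded point


def _read_string(blob, offset):
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[start:end], end


def decode_openssh_ed25519(line):
    """Decode an OpenSSH 'ssh-ed25519 <base64> [comment]' line and return the
    raw wire-format blob, refusing anything that is not a well-formed
    Ed25519 key (wrong outer type, wrong inner type, bad length, trailing data)."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-ed25519":
        raise ValueError("not an ssh-ed25519 public key line")
    blob = base64.b64decode(parts[1], validate=True)  # raises ValueError if bad
    key_type, offset = _read_string(blob, 0)
    if key_type != ED25519_KEY_TYPE:
        raise ValueError("key type inside blob does not match ssh-ed25519")
    pubkey, offset = _read_string(blob, offset)
    if len(pubkey) != ED25519_KEY_LEN or offset != len(blob):
        raise ValueError("malformed Ed25519 key blob")
    return blob


def sshfp_rdata(line, fptype=2):
    """Return SSHFP presentation-format RDATA ('4 2 <hex>') for a key line.
    The fingerprint is the hash of the whole decoded blob, the same input
    RFC 6594's examples hash for the OpenSSH key formats."""
    blob = decode_openssh_ed25519(line)
    digest = SSHFP_FPTYPE[fptype](blob).hexdigest()
    return f"{SSHFP_ALG_ED25519} {fptype} {digest}"


def sshfp_matches(rdata, line):
    """Verifier side: does the key a server presented match the published
    SSHFP record? Returns False (never raises) on any mismatch or bad input.
    Hex digits are case-insensitive; the comparison is constant-time."""
    try:
        alg, fptype, *fp_parts = rdata.split()
        alg, fptype = int(alg), int(fptype)
        if alg != SSHFP_ALG_ED25519 or fptype not in SSHFP_FPTYPE:
            return False
        expected = SSHFP_FPTYPE[fptype](decode_openssh_ed25519(line)).digest()
        return hmac.compare_digest(expected, bytes.fromhex("".join(fp_parts)))
    except ValueError:
        return False


def constructed_key_line(comment="constructed@example"):
    """Build a syntactically valid ssh-ed25519 line from CONSTRUCTED key bytes
    (0x00..0x1f; not a real Ed25519 point) so the example runs offline."""
    pubkey = bytes(range(ED25519_KEY_LEN))
    blob = (struct.pack(">I", len(ED25519_KEY_TYPE)) + ED25519_KEY_TYPE
            + struct.pack(">I", len(pubkey)) + pubkey)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    line = constructed_key_line()
    rdata = sshfp_rdata(line)
    print(line)
    print("example.com. IN SSHFP", rdata)
    print("client-side match:", sshfp_matches(rdata, line))
```

The structural checks in `decode_openssh_ed25519` are the part worth keeping in a real client: a record that hashes an arbitrary blob still "matches" if the server presents the same arbitrary blob, so the verifier should confirm it is looking at a 32-byte Ed25519 key before accepting the fingerprint comparison as evidence of anything.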