IETF Logo Mail Archive

[secdir] review of draft-ietf-tls-negotiated-ff-dhe-08

"Klaas Wierenga (kwiereng)" <kwiereng@cisco.com> Thu, 07 May 2015 13:17 UTC

Return-Path: <kwiereng@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C21EE1A8AD1; Thu, 7 May 2015 06:17:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bNsm8N3bexKS; Thu, 7 May 2015 06:17:38 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54C8C1A6EDA; Thu, 7 May 2015 06:17:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1064; q=dns/txt; s=iport; t=1431004659; x=1432214259; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=2GxEvgWJLil0HQRAkRGxHrrTjR1R67bUm5ven1hFR2A=; b=Wu1H08kfHjlbnj21ztxMDUltHNYB55/8SDWNm1O3MFyiYj2QdEe6sMNg 5ZoycXZZpqRZYr9bje4bjPgH+sgXa6tAL2lidElopA0fQ2H96/C8qPvWB peO1x8JHkncyGB/uCOOtAUoiau3Z5VTMJyHHkxSz3CT43N1zIKNxGI3ss k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AEBgB/ZUtV/40NJK1TCYMMgTiDGMFZiGiBE0wBAQEBAQGBC4QnIxFXASICJgIEMBUSBAGIPrJukywBAQEBAQEBAwEBAQEBARyBIYoYhCmDSy+BFgWSKIpYljkjg3aCM4EBAQEB
X-IronPort-AV: E=Sophos;i="5.13,384,1427760000"; d="scan'208";a="417778614"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-7.cisco.com with ESMTP; 07 May 2015 13:17:38 +0000
Received: from xhc-aln-x02.cisco.com (xhc-aln-x02.cisco.com [173.36.12.76]) by alln-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id t47DHbN6013649 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 7 May 2015 13:17:37 GMT
Received: from xmb-aln-x12.cisco.com ([169.254.7.13]) by xhc-aln-x02.cisco.com ([173.36.12.76]) with mapi id 14.03.0195.001; Thu, 7 May 2015 08:17:37 -0500
From: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
To: "draft-ietf-tls-negotiated-ff-dhe.all@tools.ietf.org" <draft-ietf-tls-negotiated-ff-dhe.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: review of draft-ietf-tls-negotiated-ff-dhe-08
Thread-Index: AQHQiMgvmSULQh6VmEaMnu41Pd07zA==
Date: Thu, 07 May 2015 13:17:37 +0000
Message-ID: <B3C0DBCF-047A-42F8-BED4-1F0A9575CEEA@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.61.97.85]
Content-Type: text/plain; charset="utf-8"
Content-ID: <A77A6A4B67E1244C9D63C25E6D3D9A19@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/QJ7LEXG2qnh9qeH9CYgXhsfZLr8>
Subject: [secdir] review of draft-ietf-tls-negotiated-ff-dhe-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 May 2015 13:17:39 -0000

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document modifies TLS to use a section of the “EC Named Curves” registry to advertise support for common Finite Field Diffie Hellman group parameters.

I believe the document is ready for publication.

The document is clear and I believe the approach makes sense and is potentially very helpful in establishing sensible group parameters.


--
Klaas Wierenga
Identity Architect
Cisco Cloud Services

v2.23.0 | Report a Bug | By Email