Re: [secdir] Secdir review of draft-ietf-karp-crypto-key-table-08.txt

Russ Housley <housley@vigilsec.com> Wed, 07 August 2013 14:19 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <7E1636E02F313F4BA69A428B314B77C708CA7638@xmb-aln-x12.cisco.com>
Date: Wed, 7 Aug 2013 10:19:28 -0400
Message-Id: <9D8F4DC5-30E2-4E21-B28C-C44DA6105A5F@vigilsec.com>
References: <7E1636E02F313F4BA69A428B314B77C708CA7638@xmb-aln-x12.cisco.com>
To: Klaas Wierenga (kwiereng) <kwiereng@cisco.com>
Cc: "secdir@ietf.org" <secdir@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-karp-crypto-key-table.all@tools.ietf.org" <draft-ietf-karp-crypto-key-table.all@tools.ietf.org>

Klaas:

The property you describe depends on the inputs to the KDF, not just the definition of the function.

Notice that an IANA registry is defined, and each entry should point to a definition of the function.

Russ


On Aug 7, 2013, at 9:52 AM, Klaas Wierenga (kwiereng) wrote:

> Hi,
> 
> After having reviewed version 07, I have only one (minor) nit for version 8, you write:
> 
> KDF: A key derivation function is a one-way function that provides
>      cryptographic separation of key material.  The KDF MAY use
>      inputs from the row in the key table and the message being sent
>      or received but MUST NOT depend on other configuration state.
> 
> I wonder whether that definition is correct. I have always considered forwarding secrecy a desirable but not necessary property for KDFs. For example the key may not have the necessary properties so a transformation may be needed (could be as simple as padding until a certain length). But if you can point me to a definition that includes one-way I stand corrected.
> 
> Klaas
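The two points in this exchange, that "cryptographic separation" comes from what is fed into the KDF and that a simple pad-to-length transform is not one-way, can be shown side by side. The following is an added illustration, not code from the draft, from Russ Housley or from Klaas Wierenga. The key-table row, its field names, the key value and the HMAC-SHA-256 counter-mode construction are all assumptions made for the example; the draft's IANA registry may name its functions differently.

```python
import hashlib
import hmac
import struct

# Constructed key-table row for the example. The column names are chosen to
# resemble the draft's key table, but the values are invented here.
ROW = {
    "LocalKeyName": "router-a-key-7",
    "PeerKeyName": "router-b-key-7",
    "Protocol": "OSPFv2",
    "KDF": "HMAC-SHA-256",            # assumed registry label, not from the draft
    "Key": bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0"),   # 16-byte long-term key
}


def _encode(*fields: bytes) -> bytes:
    """Length-prefix every field so that ("ab", "c") and ("a", "bc") cannot
    produce the same context string."""
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def hmac_kdf(row: dict, message_fields: dict, length: int = 32) -> bytes:
    """One-way KDF: HMAC-SHA-256 in counter mode keyed with the row's long-term
    Key. The context binds the derived key to the row (protocol and key names)
    and to the message fields supplied, and to nothing else, which is the
    "row plus message, no other configuration state" rule quoted above.
    One-wayness rests on HMAC-SHA-256; separation rests on the context."""
    info = _encode(
        row["Protocol"].encode(),
        row["LocalKeyName"].encode(),
        row["PeerKeyName"].encode(),
        *(f"{k}={v}".encode() for k, v in sorted(message_fields.items())),
    )
    out = b""
    counter = 1
    while len(out) < length:
        block = hmac.new(row["Key"], info + bytes([counter]), hashlib.sha256)
        out += block.digest()
        counter += 1
    return out[:length]


def pad_kdf(row: dict, message_fields: dict, length: int = 32) -> bytes:
    """The 'pad until a certain length' transform mentioned in the review.
    It ignores the message entirely and is trivially invertible, so it
    provides neither separation between messages nor one-wayness."""
    return (row["Key"] + b"\x00" * length)[:length]


def recover_key_from_pad_output(derived: bytes, key_len: int) -> bytes:
    """Shows why pad_kdf is not one-way: the long-term key is a prefix of
    its output."""
    return derived[:key_len]


def provides_separation(kdf, row: dict, msg_a: dict, msg_b: dict) -> bool:
    """True when two different message contexts yield different keys."""
    return kdf(row, msg_a) != kdf(row, msg_b)


if __name__ == "__main__":
    msg_a = {"src": "10.0.0.1", "seq": 41}   # constructed message fields
    msg_b = {"src": "10.0.0.1", "seq": 42}
    print("HMAC KDF separates messages:", provides_separation(hmac_kdf, ROW, msg_a, msg_b))
    print("pad  KDF separates messages:", provides_separation(pad_kdf, ROW, msg_a, msg_b))
    leaked = recover_key_from_pad_output(pad_kdf(ROW, msg_a), len(ROW["Key"]))
    print("pad  KDF output reveals Key:", leaked == ROW["Key"])
```

Run as a script it reports that the HMAC construction yields distinct keys for the two messages and the padding transform does not, and that the padding transform's output contains the long-term key verbatim. Swapping which fields go into `message_fields` changes what the derived key is bound to; the function definition alone does not decide that.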