[secdir] Secdir last call review of draft-ietf-curdle-ssh-ed25519-ed448-07

Catherine Meadows <catherine.meadows@nrl.navy.mil> Fri, 28 December 2018 17:35 UTC

Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AFD313100F; Fri, 28 Dec 2018 09:35:34 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
To: <secdir@ietf.org>
Cc: draft-ietf-curdle-ssh-ed25519-ed448.all@ietf.org, curdle@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.89.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <154601853411.21528.4173984200093785499@ietfa.amsl.com>
Date: Fri, 28 Dec 2018 09:35:34 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/TkL0yM7J1AoYBF4BkWm7CQSBPIA>
Subject: [secdir] Secdir last call review of draft-ietf-curdle-ssh-ed25519-ed448-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Dec 2018 17:35:35 -0000

Reviewer: Catherine Meadows
Review result: Has Nits

This draft specifies the use of the digital signature algorithms Ed25519 and
Ed448 in the SSH protocol.  Most of this,  except for syntactic features such
as formats and names, can be found in other RFC’s, and the appropriate
references are given.  The Security Considerations are also given by reference
to RFC4241 (security considerations for SSH) and RFC8032 and RFC7479 (for
Ed25519 and Ed448).  These security considerations sections are very thorough
and I don’t see any need for any additions.

A nit:
The paragraph

This document describes the method implemented by OpenSSH and others,
 and formalizes its use of the name "ssh-ed25519". Additionally, it
 also describes the use of Ed448 and formalizes its use of the name
 "ssh-ed448".

Would be clearer as

This document describes the Ed25519 method implemented by OpenSSH and others,
 and formalizes its use of the name "ssh-ed25519". Additionally, it
 also describes the use of Ed448 and formalizes its use of the name
 "ssh-ed448”.