Re: [secdir] Secdir last call review of draft-ietf-ipsecme-qr-ikev2-09

Uri Blumenthal <uri@mit.edu> Wed, 25 December 2019 11:57 UTC

From: Uri Blumenthal <uri@mit.edu>
To: Valery Smyslov <svan@elvis.ru>
CC: Watson Ladd <watsonbladd@gmail.com>, "ipsec@ietf.org" <ipsec@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-ipsecme-qr-ikev2.all@ietf.org" <draft-ietf-ipsecme-qr-ikev2.all@ietf.org>, secdir <secdir@ietf.org>
Date: Wed, 25 Dec 2019 11:57:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/VSANULneTzcJXu3AywO2HnTwUdU>

NIST standards are mandatory for a subset of US citizens. But enough businesses outside the US pay attention to what NIST says to make adding the reference relevant and useful.

> On Dec 25, 2019, at 01:52, Valery Smyslov <svan@elvis.ru> wrote:
> 
> 
> Hi Watson,
>  
> Thank you for spending your time on this review on Christmas Eve.
>  
> The capitalization issue has already been noticed and fixed.
>  
> I’m not sure the draft should mention NIST levels, because
> they are relevant mostly for US customers. I think that
> generic recommendations on key sizes are more appropriate
> for this document.
>  
> Regards,
> Valery.
>  
> Damn misclick. I meant With Nits.
>  
> On Tue, Dec 24, 2019 at 8:02 PM Watson Ladd via Datatracker <noreply@ietf.org> wrote:
> Reviewer: Watson Ladd
> Review result: Not Ready
> 
> Twas the night before Christmas
> when all through the house
> someone was desperately trying to get a review done on time.
> 
> I didn't see anything wrong per se in the draft itself, but I found the
> capitalization of quantum computer an odd choice. IKEv2 is a complicated
> protocol, and I am not 100% sure that this draft does what we want it to: It
> would be great if someone could check very carefully in some symbolic model,
> ala what has been done in TLS. The guidance on sizes seems to rule out NIST
> level 1, but not any higher levels: might be worth calling out this explicitly.
> 
> _______________________________________________
> secdir mailing list
> secdir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
> 
> 
> --
> "Man is born free, but everywhere he is in chains".
> --Rousseau.