[secdir] Secdir last call review of draft-ietf-dcrup-dkim-crypto-12

Paul Wouters <paul@nohats.ca> Mon, 11 June 2018 16:58 UTC

From: Paul Wouters <paul@nohats.ca>
To: <secdir@ietf.org>
Cc: dcrup@ietf.org, ietf@ietf.org, draft-ietf-dcrup-dkim-crypto.all@ietf.org
Date: Mon, 11 Jun 2018 09:58:35 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/WhJNBKOtx3-vJl2Yi1BDmY2GjmQ>
Subject: [secdir] Secdir last call review of draft-ietf-dcrup-dkim-crypto-12

Reviewer: Paul Wouters
Review result: Has Nits

I believe the [FIPS-180-4-2015] reference should be replaced with a reference
to RFC-6376.

Remove or indicate the RFC Editor should remove the following text:

      Discussion Venue:    Discussion about this draft is directed to the
      dcrup@ietf.org [1] mailing list.

This sentence doesn't parse easily:

     This is an additional DKIM signature algorithm added to Section 3.3
   of [RFC6376] as envisioned in Section 3.3.4 of [RFC6376].

It should simply say something like "This document adds an additional key
algorithm type to the DKIM Key Type Registry and a new signature type to the
DKIM Hash Algorithms Registry".

This text reads a little odd:

   Ed25519 is a widely used cryptographic technique, so the security of
   DKIM signatures using new signing algorithms should be at least as
   good as those using old algorithms.

It seems to suggest that being "widely used" is a guarantee for being "at least
as good as older stuff". Better would be to just point to the Security
Considerations of RFC 8032.

Sections 4 and 8 have an introductory line that says "update as follows"
followed by a dot instead of a colon. That is a little confusing to the reader,
as if some text is missing before the dot.