[secdir] Secdir last call review of draft-ietf-dcrup-dkim-crypto-12
Paul Wouters <paul@nohats.ca> Mon, 11 June 2018 16:58 UTC

Reviewer: Paul Wouters
Review result: Has Nits

NITS:

I believe the [FIPS-180-4-2015] reference should be replaced with a reference to RFC-6376.

Remove or indicate the RFC Editor should remove the following text:

    Discussion Venue: Discussion about this draft is directed to the dcrup@ietf.org [1] mailing list.

This sentence doesn't parse easily:

    This is an additional DKIM signature algorithm added to Section 3.3 of [RFC6376] as envisioned in Section 3.3.4 of [RFC6376].

It should simply say something like "This document adds an additional key algorithm type to the DKIM Key Type Registry and a new signature type to the DKIM Hash Algorithms Registry".

This text reads a little odd:

    Ed25519 is a widely used cryptographic technique, so the security of DKIM signatures using new signing algorithms should be at least as good as those using old algorithms.

It seems to suggest that being "widely used" is a guarantee for being "at least as good as older stuff". Better would be to just point to the Security Considerations of RFC 8032.

Sections 4 and 8 have an introductory line that says "update as follows" followed by a dot instead of a colon. That is a little confusing to the reader, as if some text is missing before the dot.