Re: [secdir] Secdir last call review of draft-ietf-ipsecme-qr-ikev2-09

Valery Smyslov <svan@elvis.ru> Wed, 25 December 2019 06:52 UTC

Return-Path: <svan@elvis.ru>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C56012011F; Tue, 24 Dec 2019 22:52:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y31XMX6KaiWO; Tue, 24 Dec 2019 22:52:27 -0800 (PST)
Received: from akmail.elvis.ru (akmail.elvis.ru [82.138.51.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85DDC120045; Tue, 24 Dec 2019 22:52:27 -0800 (PST)
Received: from kmail2.elvis.ru ([93.188.44.210]) by akmail.elvis.ru with esmtp (Exim 4.89) (envelope-from <svan@elvis.ru>) id 1ik0Wu-0001cR-53; Wed, 25 Dec 2019 09:52:24 +0300
Received: from mail16.office.elvis.ru ([10.111.1.29] helo=mail.office.elvis.ru) by kmail2.elvis.ru with esmtp (Exim 4.89) (envelope-from <svan@elvis.ru>) id 1ik0Wt-0002m8-FI; Wed, 25 Dec 2019 09:52:24 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Wed, 25 Dec 2019 09:52:23 +0300
Received: from buildpc (10.111.10.33) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Wed, 25 Dec 2019 09:52:23 +0300
From: Valery Smyslov <svan@elvis.ru>
To: 'Watson Ladd' <watsonbladd@gmail.com>
CC: 'secdir' <secdir@ietf.org>, ipsec@ietf.org, last-call@ietf.org, draft-ietf-ipsecme-qr-ikev2.all@ietf.org
References: <157724651034.19353.11323639071881214460@ietfa.amsl.com> <CACsn0ckGSZUjKBfv29CmA+QSu-xPc6OHe6AvB854s-bUtbbjjA@mail.gmail.com>
In-Reply-To: <CACsn0ckGSZUjKBfv29CmA+QSu-xPc6OHe6AvB854s-bUtbbjjA@mail.gmail.com>
Date: Wed, 25 Dec 2019 09:52:26 +0300
Message-ID: <02c101d5baef$de2cdd90$9a8698b0$@elvis.ru>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_02C2_01D5BB09.037B2700"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHAI3dxdU4nCxDkFGYNjlyUdbESogLEWRy+p99zWWA=
Content-Language: ru
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-Spam-Scanner: Rspamd work in kmail2.elvis.ru, WHITELIST
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2019/12/25 05:40:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2019/12/25 05:12:00 #14885698
X-KLMS-AntiVirus-Status: Clean, skipped
X-Spam-Scanner: Rspamd work in akmail.elvis.ru, WHITELIST
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/XRVDUcIPxhkFYUhOzqBAMIul9z4>
Subject: Re: [secdir] Secdir last call review of draft-ietf-ipsecme-qr-ikev2-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Dec 2019 06:52:31 -0000

Hi Watson,

 

thank you for spending your time on this review in Christmas Eve.

 

The capitalization issue has been already noticed and fixed.

 

I’m not sure the draft should mention NIST levels, because 

they are relevant mostly for US customers. I think that 

generic recommendations on key sizes are more appropriate

for this document.

 

Regards,

Valery.

 

Damn misclick. I meant With Nits.

 

On Tue, Dec 24, 2019 at 8:02 PM Watson Ladd via Datatracker <noreply@ietf.org> wrote:

Reviewer: Watson Ladd
Review result: Not Ready

Twas the night before Christmas
when all through the house
someone was desperately trying to get a review done on time.

I didn't see anything wrong per se in the draft itself, but I found the
capitalization of quantum computer an odd choice. IKEv2 is a complicated
protocol, and I am not 100% sure that this draft does what we want it to: It
would be great if someone could check very carefully in some symbolic model,
ala what has been done in TLS. The guidance on sizes seems to rule out NIST
level 1, but not any higher levels: might be worth calling out this explicitly.

_______________________________________________
secdir mailing list
secdir@ietf.org
https://www.ietf.org/mailman/listinfo/secdir
wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview



-- 

"Man is born free, but everywhere he is in chains".
--Rousseau.