[secdir] draft-mcgrew-tls-aes-ccm-ecc SECDIR Review
Donald Eastlake <d3e3e3@gmail.com> Thu, 24 October 2013 15:29 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B83B911E8311; Thu, 24 Oct 2013 08:29:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hUiisrCOSAG3; Thu, 24 Oct 2013 08:29:47 -0700 (PDT)
Received: from mail-ob0-x234.google.com (mail-ob0-x234.google.com [IPv6:2607:f8b0:4003:c01::234]) by ietfa.amsl.com (Postfix) with ESMTP id BE3B511E8333; Thu, 24 Oct 2013 08:29:43 -0700 (PDT)
Received: by mail-ob0-f180.google.com with SMTP id wo20so2492825obc.11 for <multiple recipients>; Thu, 24 Oct 2013 08:29:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc:content-type; bh=hAQEod7nX2zey8v2vWBwlTtGyZLbL/u0VFce2ZFJFd4=; b=pptdZiivX4tsr97q7rXOBpaQoTSynTwvfSNT7Za7bVHV0mwK3OPMUOtldB0i0m09eR F21hlNysVqKPcXoU/DEVsUeN3aImbc/DVIA3QmEIch7tfIFdmW/9FIcFqi12McEhBKjT 010NJWGiGnJa97XeZ+B/YZdU/XT8luXphAdy1ywd6HYoXZ+HzrY6Myk7RS/0WaQezYg3 bZPOcRHl3dLBRYjxczslWamjWeOAGP60J9iaBjNaeehxTkPQtkNwNHlNda0BswkLjWvq tRE4knTyPTvMkZv/jMiJ7yOaGRgzQnS2zBelY9VaFrWEKgj5aqhD4AJnMvuQcQMz8sY1 ixAA==
X-Received: by 10.182.80.196 with SMTP id t4mr2629383obx.1.1382628583375; Thu, 24 Oct 2013 08:29:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.33.102 with HTTP; Thu, 24 Oct 2013 08:29:23 -0700 (PDT)
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Thu, 24 Oct 2013 11:29:23 -0400
Message-ID: <CAF4+nEG9nm1ycVz0gLALXEOFYA1LstuDSV9iSXAZtAGerfDGWw@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: draft-mcgrew-tls-aes-ccm-ecc.all@tools.ietf.org, "secdir@ietf.org" <secdir@ietf.org>
Subject: [secdir] draft-mcgrew-tls-aes-ccm-ecc SECDIR Review
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 15:29:47 -0000
My apologies. I don't know that a review this late is useful but I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. This document specifies the use of AES and ECC in CBC-MAC Mode (CCM) for TLS 1.2. Further, it uses Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) to establish keys. The document is pretty short and to the point. The Security Considerations section just mentions the benefit of "perfect forward secrecy", the burden that the counter in AES-CCM never be reused, and how that burden is met. I believe that, overall, the document adequately covers needed security considerations when one also takes into account material outside of the Security Considerations section. Question: There are a number of SHOULDs in this draft with no indication of when you might not do what is specified. For example "The client SHOULD offer the elliptic_curves extension" If the specified crypto depends on ECC, what happens if the client doesn't do that? Trivia: In standards track documents, I prefer to use "specifies" rather than "describes", for example in the abstract and introduction. Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com
- [secdir] draft-mcgrew-tls-aes-ccm-ecc SECDIR Reviā¦ Donald Eastlake