Re: [secdir] Secdir review of draft-herzog-static-ecdh-05

Brian Weis <bew@cisco.com> Wed, 09 March 2011 18:52 UTC

Return-Path: <bew@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 562A73A6928; Wed, 9 Mar 2011 10:52:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.848
X-Spam-Level:
X-Spam-Status: No, score=-109.848 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, SARE_OBFU_ALL=0.751, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mYXsIzA-R2NI; Wed, 9 Mar 2011 10:52:34 -0800 (PST)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71]) by core3.amsl.com (Postfix) with ESMTP id 2FF703A680F; Wed, 9 Mar 2011 10:52:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=bew@cisco.com; l=2579; q=dns/txt; s=iport; t=1299696831; x=1300906431; h=subject:mime-version:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=DJS5GD5NprxL3G9pFnIdfVFeo3B+W/gzDiK0v2Fdj3M=; b=l96OKQmoC2avz4oIwLUtEJdheZudqqLkf8k9BqrbWp6aoxuhPIQ52BUD HdvbjGsyqKxHr5zhv5By1qWu6dWJR0tGbIerBZJWmRarVku+pMf4gJu3O ihL9K/PHlTRaOz/Rh6O4hF2CMJI09+n8bh33PPLOvNiuirOAk5xhfEPEZ k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAP5bd02rR7Hu/2dsb2JhbACmcHSnM5xRgxiCTQSFIocYjCk
X-IronPort-AV: E=Sophos;i="4.62,291,1297036800"; d="scan'208";a="318641062"
Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-2.cisco.com with ESMTP; 09 Mar 2011 18:53:50 +0000
Received: from dhcp-128-107-111-194.cisco.com (dhcp-128-107-111-194.cisco.com [128.107.111.194]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id p29Iro7e018228; Wed, 9 Mar 2011 18:53:50 GMT
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset=us-ascii
From: Brian Weis <bew@cisco.com>
In-Reply-To: <FFD02A42-A10C-4AE7-A763-5C2D1E1DFADA@ll.mit.edu>
Date: Wed, 9 Mar 2011 10:53:50 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <BA430CB6-FA7D-4A56-82CF-B72F0857C586@cisco.com>
References: <D858A225-D1D1-497D-BA40-A66D3F55AD57@cisco.com> <552BBAA9-712F-49B4-8A5F-C671C3817C05@ll.mit.edu> <AA323705-436C-4B71-8B51-D2CA9E4E140C@cisco.com> <47CF9528-81A1-49D7-8D4B-B1DCC136581E@ll.mit.edu> <3E69AF7B-D325-4FC5-A003-FEBA1997D67E@cisco.com> <FFD02A42-A10C-4AE7-A763-5C2D1E1DFADA@ll.mit.edu>
To: "Herzog, Jonathan - 0668 - MITLL" <jherzog@ll.mit.edu>
X-Mailer: Apple Mail (2.1082)
Cc: "draft-herzog-static-ecdh@tools.ietf.org" <draft-herzog-static-ecdh@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-herzog-static-ecdh-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2011 18:52:35 -0000

Hi Jonathan,

No objections.

Thanks,
Brian

On Mar 9, 2011, at 10:34 AM, Herzog, Jonathan - 0668 - MITLL wrote:

> 
> On Mar 8, 2011, at 12:13 PM, Brian Weis wrote:
> 
>>>>> 
>>>>>> 2. Reference [SEC1] is heavily referenced in this document, for both a definition of ECDH and specific methods for using ECDH. But it would be good to also mention RFC 6090, which is the best IETF document describing ECDH.
>>>>> 
>>>>> I was not previous aware of this RFC-- my bad. I have added it as an informative reference, but continued to refer to [Sec1] as the normative reference for the ECDH operation. Or do you think that RFC 6090 should be the normative reference?
>>>> 
>>>> I would suggesting using RFC 6090 for a normative reference to ECDH if you need such a reference. But I don't believe RFC 6090 discusses static-static consideration or issues at all, so for that [Sec1] seems to be the appropriate normative reference.
>>> 
>>> I'm a little uneasy with using RFC 6090 as a normative reference for ECDH, as my impression is that the rest of CMS uses SEC1 as the normative reference. (See RFC 5753.) This may be because RFC 6090 is so new, but I'm worried that switching to RFC 6090 as the normative reference for ECDH will introduce subtle incompatibilities.
>>> 
>>> Also, RFC 6090 doesn't seem to include the cofactor ECDH operation (I think), or the use of the SharedInfo/ukm value.
>>> 
>>> Given this, do you mind if I keep SEC1 as normative and use RFC 6090 as informative?
>> 
>> Sure, that's fine.
> 
> 
> I've thought a little more about this, and change my proposal to:
> 
> * Reference RFC 6090 for ECDH in general, but
> * SEC1 for co-factor ECDH, the public-key validation primitives, and the key-derivation function (KDF).
> 
> Unfortunately, none of those algorithms in the second bullet are present in RFC 6090. (Though the security considerations of RFC 6090 discuss why one would want to validate public keys, it doesn't describe how to do so.)
> 
> 
> Any objections?
> 
> Thanks.
> -- 
> Jonathan Herzog							voice:  (781) 981-2356
> Technical Staff							fax:    (781) 981-7687
> Cyber Systems and Technology Group		email:  jherzog@ll.mit.edu
> MIT Lincoln Laboratory               			www:    http://www.ll.mit.edu/CST/
> 244 Wood Street    
> Lexington, MA 02420-9185
> 


-- 
Brian Weis
Security Standards and Technology, ARTG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew@cisco.com