[secdir] Secdir last call review of draft-ietf-cose-aes-ctr-and-cbc-04
Daniel Migault via Datatracker <noreply@ietf.org> Tue, 16 May 2023 18:22 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BD245C16B5C6; Tue, 16 May 2023 11:22:19 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Daniel Migault via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: cose@ietf.org, draft-ietf-cose-aes-ctr-and-cbc.all@ietf.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 10.3.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <168426133976.16012.18353276769573616615@ietfa.amsl.com>
Reply-To: Daniel Migault <daniel.migault@ericsson.com>
Date: Tue, 16 May 2023 11:22:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/i1mBNVBu2721rTcvZ3wUrgRzqHc>
Subject: [secdir] Secdir last call review of draft-ietf-cose-aes-ctr-and-cbc-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 May 2023 18:22:19 -0000
Reviewer: Daniel Migault Review result: Ready Reviewer: Daniel Migault Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other section 4 AES counter mode In "AES encryption of (IV +1) mod 2^128" I am wondering if "mod 2^128" is needed as I see the encryption returning a 128 bit block. That said we understand why it is there, it is more that I am curious if there is any reason. I am also wondering if we should mention the IV + i is called the counter block as this is mentioned in section 8. The following text sounded cryptic to me until I reached section 6. I suspect that adding a reference to section 6 might be useful. The same comment applies for CBC. """ Since AES-CTR cannot provide integrity protection for external additional authenticated data, the decryptor MUST ensure that no external additional authenticated data was supplied. """ section 4.2. AES-CTR COSE Algorithm Identifiers In the title “Algoritm” needs to be changed. It is surprising to define a "Deprecated", but the note provides the rationale. I am wondering if that rationale could be also mentioned in the IANA page - this is just a suggestion. section 5. AES Cipher Block Chaining Mode I believe that another reason for using integrity protection is the vulnerability to padding oracle.
- [secdir] Secdir last call review of draft-ietf-co… Daniel Migault via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Russ Housley
- Re: [secdir] Secdir last call review of draft-iet… Daniel Migault