[secdir] SECDIR review of draft-ietf-ipsecme-rfc4307bis-15

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 18 January 2017 02:24 UTC

To: draft-ietf-ipsecme-rfc4307bis.all@ietf.org, "secdir@ietf.org" <secdir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/i9J6qks-brOQ7UybA3EHO1oy2F4>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

STATUS: Ready with one minor typo.


My personal taste would be to reduce the number of algorithms by half. But
that is not practical given the history so this is the best we can do in
the circumstances.



Typos

 Sec 3.4

   Group 22, 23 and 24 are MODP Groups with Prime Order Subgroups thater
   are not safe-primes.  The seeds for these groups have not been
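The review's remark about MODP groups whose prime-order subgroups are not safe primes is worth making concrete. The following is an added example, not code from the review, the draft, or any IKE implementation: it rebuilds the moduli of IKE groups 2 and 14 from the formulas published in RFC 2409 and RFC 3526 (p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + c), with c = 129093 and 124476 respectively), checks that each is a safe prime (p and (p-1)/2 both prime), and shows the kind of peer-value validation a defender applies on receipt of a Diffie-Hellman public value: range check plus the subgroup-order test y^q = 1 mod p. The Miller-Rabin routine and the Machin-formula pi computation are written here from scratch and are assumptions of the example, not anything the page specifies.

```python
"""Safe-prime and subgroup checks for IKE MODP Diffie-Hellman groups.

Added example for this review; not code from the draft, the reviewer, or
any IKE implementation. Modulus formulas follow RFC 2409 (group 2) and
RFC 3526 (group 14): p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130)*pi) + c).
"""


def _arctan_inv_scaled(x: int, scale: int) -> int:
    """Return scale * arctan(1/x) as an integer (Gregory series, exact ints)."""
    total, term, k, sign = 0, scale // x, 0, 1
    x2 = x * x
    while term:
        total += sign * (term // (2 * k + 1))
        term //= x2
        k += 1
        sign = -sign
    return total


def floor_pi_times_2pow(exp: int, guard_bits: int = 64) -> int:
    """floor(2**exp * pi) via Machin's formula, with guard bits to absorb truncation."""
    scale = 1 << (exp + guard_bits)
    pi_scaled = 16 * _arctan_inv_scaled(5, scale) - 4 * _arctan_inv_scaled(239, scale)
    return pi_scaled >> guard_bits


def modp_prime(bits: int, constant: int) -> int:
    """Modulus of the RFC 2409 / RFC 3526 form for the given size and constant."""
    return ((1 << bits) - (1 << (bits - 64)) - 1
            + (1 << 64) * (floor_pi_times_2pow(bits - 130) + constant))


# IKE group id -> (modulus bits, constant c) for two safe-prime MODP groups.
MODP_CONSTANTS = {2: (1024, 129093), 14: (2048, 124476)}

_SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n: int) -> bool:
    """Trial division by small primes, then Miller-Rabin with fixed bases."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p: int) -> bool:
    """True when p and q = (p-1)/2 are both prime, so the only subgroup orders are 1, 2, q, 2q."""
    return p > 4 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def validate_dh_public(p: int, y: int) -> bool:
    """Receiver-side check of a peer's DH value for a safe-prime group.

    1 < y < p-1 rejects the trivial elements 0, 1 and p-1 (orders 1 and 2);
    y^q == 1 (mod p) confirms y lies in the prime-order subgroup that the
    group generator produces, so no small-subgroup value is accepted.
    """
    if not 1 < y < p - 1:
        return False
    q = (p - 1) // 2
    return pow(y, q, p) == 1


if __name__ == "__main__":
    for gid, (bits, c) in MODP_CONSTANTS.items():
        p = modp_prime(bits, c)
        print(f"group {gid}: {p.bit_length()}-bit modulus, safe prime: {is_safe_prime(p)}")
```

Running the block prints the safe-prime verdict for groups 2 and 14. The subgroup test in `validate_dh_public` is cheap insurance for safe-prime groups; for groups whose subgroup order q is much smaller than (p-1)/2, as with the groups the review names, the order test with that group's own q is the only way to reject values outside the intended subgroup, which is why the provenance of such groups' parameters matters.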