[secdir] Secdir review of draft-hansen-scram-sha256-04

Vincent Roca <vincent.roca@inria.fr> Tue, 01 September 2015 08:09 UTC

From: Vincent Roca <vincent.roca@inria.fr>
Date: Tue, 1 Sep 2015 10:09:18 +0200
To: IESG <iesg@ietf.org>, secdir@ietf.org, draft-hansen-scram-sha256@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/iqMnVWN_PqByXMDXXHs4g1U8yn0>


I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

IMHO, the document is ready.

Just a minor comment: it is said in the Security Considerations section that:
	«an iteration count of 4096 takes around 0.5 seconds on current mobile handsets.»
It may be useful to give an idea of the features of a representative «current mobile handset».
It can simplify comparisons in a few years from now as things are evolving quite rapidly in this
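
The iteration count the review refers to is the `i` parameter of the SCRAM `Hi()` function (RFC 5802 section 2.2), which for SCRAM-SHA-256 is PBKDF2-HMAC-SHA-256 producing one 32-byte block. The following is an added example, not code from the review or from the draft: it writes `Hi()` out as the iterated-HMAC construction the RFC defines, checks it against Python's `hashlib.pbkdf2_hmac`, derives the SCRAM ClientKey/StoredKey/ServerKey and runs the client-proof check a server performs, and times the 4096-iteration derivation so the "0.5 seconds on current mobile handsets" figure can be compared against a given machine. The password, salt and AuthMessage are constructed test inputs; function names (`hi`, `derive_keys`, `client_proof`, `server_verify`, `time_hi`) are this example's own.

```python
import hashlib
import hmac
import os
import time

# Constructed inputs for the demonstration (not taken from the review or the draft).
PASSWORD = b"pencil"
SALT = os.urandom(16)
ITERATIONS = 4096  # the value the Security Considerations text quotes


def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Hi(str, salt, i) from RFC 5802 section 2.2, written out explicitly:
    U1 = HMAC(str, salt || INT(1)), Uj = HMAC(str, U(j-1)), Hi = U1 xor ... xor Ui.
    With HMAC-SHA-256 this is exactly PBKDF2-HMAC-SHA-256 with a 32-byte output."""
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    u = hmac.new(password, salt + b"\x00\x00\x00\x01", hashlib.sha256).digest()
    result = bytearray(u)
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hashlib.sha256).digest()
        for j in range(32):
            result[j] ^= u[j]
    return bytes(result)


def hi_matches_pbkdf2(password: bytes, salt: bytes, iterations: int) -> bool:
    """Sanity check: the explicit construction equals the library PBKDF2."""
    expected = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)
    return hmac.compare_digest(hi(password, salt, iterations), expected)


def derive_keys(password: bytes, salt: bytes, iterations: int):
    """SaltedPassword -> (ClientKey, StoredKey, ServerKey) per RFC 5802 section 3.
    The server stores only StoredKey and ServerKey, never SaltedPassword."""
    salted = hi(password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return client_key, stored_key, server_key


def client_proof(client_key: bytes, stored_key: bytes, auth_message: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_signature = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(client_key, client_signature))


def server_verify(stored_key: bytes, auth_message: bytes, proof: bytes) -> bool:
    """Server side: recover ClientKey from the proof and check H(ClientKey) == StoredKey."""
    client_signature = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    recovered_client_key = bytes(a ^ b for a, b in zip(proof, client_signature))
    return hmac.compare_digest(hashlib.sha256(recovered_client_key).digest(), stored_key)


def server_signature(server_key: bytes, auth_message: bytes) -> bytes:
    """ServerSignature = HMAC(ServerKey, AuthMessage); lets the client authenticate the server."""
    return hmac.new(server_key, auth_message, hashlib.sha256).digest()


def time_hi(iterations: int, password: bytes = PASSWORD, salt: bytes = SALT) -> float:
    """Wall-clock seconds for one Hi() evaluation at the given iteration count,
    using the library PBKDF2 so the figure reflects native rather than interpreter speed."""
    t0 = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)
    return time.perf_counter() - t0


if __name__ == "__main__":
    # Constructed AuthMessage; a real one is built from the actual SCRAM exchange.
    auth_message = b"n=user,r=clientnonce,r=clientnonceservernonce,s=salt,i=4096,c=biws,r=clientnonceservernonce"
    ck, sk, svk = derive_keys(PASSWORD, SALT, ITERATIONS)
    proof = client_proof(ck, sk, auth_message)
    print("Hi() matches PBKDF2:", hi_matches_pbkdf2(PASSWORD, SALT, ITERATIONS))
    print("client proof accepted:", server_verify(sk, auth_message, proof))
    print("server signature:", server_signature(svk, auth_message).hex())
    for count in (ITERATIONS, 4 * ITERATIONS, 16 * ITERATIONS):
        print(f"i={count:6d}: {time_hi(count):.4f} s on this machine")
```

Running the timing loop on the hardware of interest is what turns the draft's "0.5 seconds" into a reproducible number: the cost grows linearly in `i`, so the same script shows how much headroom a deployment has to raise the count as devices get faster.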