Re: [secdir] Review of draft-merkle-tls-brainpool-03
Johannes Merkle <johannes.merkle@secunet.com> Fri, 05 July 2013 15:11 UTC
Return-Path: <Johannes.Merkle@secunet.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B39311E8104; Fri, 5 Jul 2013 08:11:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B8bfXIuQQ8tY; Fri, 5 Jul 2013 08:11:49 -0700 (PDT)
Received: from a.mx.secunet.com (a.mx.secunet.com [195.81.216.161]) by ietfa.amsl.com (Postfix) with ESMTP id C822711E80F4; Fri, 5 Jul 2013 08:11:48 -0700 (PDT)
Received: from localhost (alg1 [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 553971A0084; Fri, 5 Jul 2013 17:11:44 +0200 (CEST)
X-Virus-Scanned: by secunet
Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 0AdQsri8WD55; Fri, 5 Jul 2013 17:11:43 +0200 (CEST)
Received: from mail-srv1.secumail.de (unknown [10.53.40.200]) by a.mx.secunet.com (Postfix) with ESMTP id 1F4251A008C; Fri, 5 Jul 2013 17:11:43 +0200 (CEST)
Received: from [10.208.1.73] ([10.208.1.73]) by mail-srv1.secumail.de with Microsoft SMTPSVC(6.0.3790.4675); Fri, 5 Jul 2013 17:11:42 +0200
Message-ID: <51D6E22E.3040107@secunet.com>
Date: Fri, 05 Jul 2013 17:11:42 +0200
From: Johannes Merkle <johannes.merkle@secunet.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: Simon Josefsson <simon@josefsson.org>
References: <20130705004218.233f8942@latte.josefsson.org>
In-Reply-To: <20130705004218.233f8942@latte.josefsson.org>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 05 Jul 2013 15:11:43.0047 (UTC) FILETIME=[F5264D70:01CE7991]
X-Mailman-Approved-At: Fri, 05 Jul 2013 08:13:20 -0700
Cc: iesg@ietf.org, draft-merkle-tls-brainpool.all@tools.ietf.org, secdir@ietf.org
Subject: Re: [secdir] Review of draft-merkle-tls-brainpool-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jul 2013 15:11:54 -0000
Simon,
thank you for the thorough and competent review. Some of your points nees discussion.
>
> I haven't verified the test vectors, but as an implementer I'm happy
> that they are present and they improve the credibility of the draft.
the test vectors are identical to those used in draft-merkle-ikev2-ke-brainpool and in RFC 6932, and they have been
verified by Dan Harkins.
> When I read the document, it seems to be missing its "gut". There is
> one section "Introduction" and then you would expect the actual
> specification. But instead comes the Security Considerations and the
> rest of the usual IETF boiler plate. The contribution of this document
> is hidden in the IANA Considerations.
If you have a look at version 01, you see that such a section 2 was present. Sean suggested to remove it. It seems that
your tastes as to the structure differ... I am willing to change the structure and wording as long as there is consensus
on that.
> --->>>
> 2. Brainpool NamedCurve Types
>
> This document adds three new NamedCurve types as follows.
>
> enum {
> brainpoolP256r1(TBD1),
> brainpoolP384r1(TBD2),
> brainpoolP512r1(TBD3)
> } NamedCurve;
>
> These curves are suitable for use with DTLS [RFC6347].
> <<<---
>
This is much less verbose as our previous section 2. Maybe this could be a compromise between Sean's preference of being
compact and your preference of the draft having "guts".
But isn't this syntax incorrect as there are already code points defined for namedCurve? Your text defines namedCurve as
comprising of three values which is not true.
--
Johannes
- [secdir] Review of draft-merkle-tls-brainpool-03 Simon Josefsson
- Re: [secdir] Review of draft-merkle-tls-brainpool… Johannes Merkle
- Re: [secdir] Review of draft-merkle-tls-brainpool… Simon Josefsson