[secdir] SecDir review of draft-ietf-keyprov-pskc-05

Vincent Roca <vincent.roca@inrialpes.fr> Mon, 03 May 2010 20:16 UTC

Return-Path: <vincent.roca@inrialpes.fr>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id DAA973A695D; Mon, 3 May 2010 13:16:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.649
X-Spam-Status: No, score=-3.649 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id MwBbs05bpzjj; Mon, 3 May 2010 13:16:28 -0700 (PDT)
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr []) by core3.amsl.com (Postfix) with ESMTP id 002DD3A6909; Mon, 3 May 2010 13:16:24 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.52,321,1270418400"; d="scan'208";a="50343518"
Received: from dom38-1-82-236-155-50.fbx.proxad.net (HELO macbook-pro-de-roca.local) ([]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-CAMELLIA256-SHA; 03 May 2010 22:16:08 +0200
Message-ID: <4BDF2F06.2030406@inrialpes.fr>
Date: Mon, 03 May 2010 22:16:06 +0200
From: Vincent Roca <vincent.roca@inrialpes.fr>
Organization: INRIA
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; fr; rv: Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: secdir@ietf.org, iesg@ietf.org
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-keyprov-pskc.all@tools.ietf.org
Subject: [secdir] SecDir review of draft-ietf-keyprov-pskc-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 May 2010 20:16:30 -0000


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

1- section 13: about the use of the reserved keywords...
   On many places I have the feeling that the authors are not
   sufficiently directive. Two examples (others will follow):

   * introduction: must => MUST in sentence:
"This means that special care must be taken to ensure the

   * 13.1: before the last paragraph of the first solution, add:
"Additionally, it is strongly RECOMMENDED that practical
 implementations use PBESalt and PBEIterationCount when PBE
 encryption is used."

2- section 13, about the use of the term "payload" in titles:
   After reading the introduction of section 13, I understand that
   "payload" refers to "the information contained within [a PSKC

   However I have the feeling that the three desired security
   services are for the whole PSKC container, not only "the
   information contained within". The titles are therefore a
   little bit misleading IMHO.

3- section 13.1: rather than "one of the password-based encryption
   methods provided above", I suggest the authors add an explicit
   reference to section 6.2.

4- section 13.1: it is said:
"Different PBESalt value per key container should be used for best

   It's rather ambiguous. It's not clear to me whether it is
   recommended to use a different PBESalt for each PSKC container,
   or whether it is recommended to use a different PBESalt when a
   given PSKC container carries several keys, one PBESalt per key.

   Also: "should" => "SHOULD"

5- section 13.1:
   why isn't the IPsec/ESP not considered also as a third
   solution to provide the confidentiality, integrity and sender
   authentication services? Why do the authors only focus
   on PCKS integrated or TLS solutions? It's not clear.

6- section 13.1, last but one paragraph:
   The authors say that TLS offers extra security measures,
   especially when the digital signature does not encompass
   the entire payload. I agree, but section 13.1 is dedicated
   to confidentiality, not to integrity/authenticity verifications.
   Referring to digital signatures is meaningless in this section.

7- section 13.1, last paragraph:
   Instead of: "Validating the secure channel end-points"
   I'd rather say: "Authenticating".

8- sections 13.1, 13.2 and 13.3:
   It is mentioned on several places that TLS can be useful in
   situations where "the signature of the payload does not
   encompass the entire payload".

   Shouldn't the authors RECOMMEND that the digital signature
   encompass the whole payload instead? It would clarify...
   This is all the more true if TLS is not used, in which case
   this is strongly RECOMMENDED.

9- section 13.3: it is said:
"A weaker payload authenticity guarantee may be provided by the
 transport layer if it is configured to digest each message it

   Why is this feature necessarily weaker? The source can be
   authenticated with the same level of security as if it was
   done by the recipient end.


* section 13.1 (also section 3):
   Rather than saying "the portable key container", I suggest
   the authors either write everything in extenso, or use the
   PSKC acronym.

* section 6.3, first sentence: a comma is missing between
  "element information", making the sentence difficult to