[secdir] Secdir review of draft-ietf-karp-crypto-key-table-08.txt

"Klaas Wierenga (kwiereng)" <kwiereng@cisco.com> Wed, 07 August 2013 13:52 UTC

Return-Path: <kwiereng@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F6EF21E8127; Wed, 7 Aug 2013 06:52:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eBrgLk7YwTzH; Wed, 7 Aug 2013 06:52:26 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) by ietfa.amsl.com (Postfix) with ESMTP id E98B821E812A; Wed, 7 Aug 2013 06:52:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=779; q=dns/txt; s=iport; t=1375883546; x=1377093146; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=ZYXXiAfHSDJUT09WLTKRYOzYEVLwclWcY4NLCCMN28I=; b=mTBDSqEu/9pOn0JKPt3iXEz5/0NgYDfISJJMnvjNnqv/jGdpnjKt4hxQ 2YC+OaR0p0qLiDiFg7Yf8CTWFYdA0Gc23royehn2Z50qrcarnKNJBKi09 LZyvNiJeTT2PHSUGLecbU2U3Zsxxb4428betcCAS3/cp/hvU7BMvRA7OT c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ag0FAJhQAlKtJV2b/2dsb2JhbABbgwaBBb5HgRwWdIImAQQ6PxIBKhRCJwQODYgIuFSPaTGDIXQDqTCDF4Iq
X-IronPort-AV: E=Sophos;i="4.89,833,1367971200"; d="scan'208";a="244529063"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-2.cisco.com with ESMTP; 07 Aug 2013 13:52:25 +0000
Received: from xhc-rcd-x11.cisco.com (xhc-rcd-x11.cisco.com [173.37.183.85]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id r77DqPjY009436 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 7 Aug 2013 13:52:25 GMT
Received: from xmb-aln-x12.cisco.com ([169.254.7.38]) by xhc-rcd-x11.cisco.com ([173.37.183.85]) with mapi id 14.02.0318.004; Wed, 7 Aug 2013 08:52:25 -0500
From: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
To: "draft-ietf-karp-crypto-key-table.all@tools.ietf.org" <draft-ietf-karp-crypto-key-table.all@tools.ietf.org>
Thread-Topic: Secdir review of draft-ietf-karp-crypto-key-table-08.txt
Thread-Index: AQHOk3VYEg4BbEukoUS8XGc9hcW1Og==
Date: Wed, 7 Aug 2013 13:52:24 +0000
Message-ID: <7E1636E02F313F4BA69A428B314B77C708CA7638@xmb-aln-x12.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.61.98.115]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <24DA3405CA1AA642B4A8C08C8E06E55F@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: [secdir] Secdir review of draft-ietf-karp-crypto-key-table-08.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2013 13:52:31 -0000

Hi,

After having reviewed version 07, I have only one (minor) nit for version 8, you write:

KDF: A key
       derivation function is a one-way function that provides
       cryptographic separation of key material.  The KDF MAY use
       inputs from the row in the key table and the message being sent
       or received but MUST NOT depend on other configuration state.

I wonder whether that definition is correct. I have always considered forwarding secrecy a desirable but not necessary property for KDF's. For example the key may not have the necessary properties so a transformation may be needed (could be as simple as padding until a certain length). But if you can point me to a definition that includes one-way I stand corrected.

Klaas