[secdir] secdir review of draft-housley-suite-b-to-historic-04
Taylor Yu <tlyu@mit.edu> Tue, 24 April 2018 03:51 UTC
Return-Path: <tlyu@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35124126FDC; Mon, 23 Apr 2018 20:51:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XtJrTtfw9bDU; Mon, 23 Apr 2018 20:51:41 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95028124B0A; Mon, 23 Apr 2018 20:51:38 -0700 (PDT)
X-AuditID: 1209190c-cedff70000000ad2-93-5adea9c9c00f
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id B2.94.02770.9C9AEDA5; Mon, 23 Apr 2018 23:51:37 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w3O3paWN024064; Mon, 23 Apr 2018 23:51:36 -0400
Received: from localhost (nyc-02.triskelion.com [162.243.175.178]) (authenticated bits=0) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w3O3pY5W016858; Mon, 23 Apr 2018 23:51:35 -0400
From: Taylor Yu <tlyu@mit.edu>
To: iesg@ietf.org, secdir@ietf.org, draft-housley-suite-b-to-historic.all@ietf.org
Date: Tue, 24 Apr 2018 03:51:34 +0000
Message-ID: <ldv36zl5kjd.fsf@ubuntu-1gb-nyc1-01.localdomain>
Lines: 40
MIME-Version: 1.0
Content-Type: text/plain
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrJIsWRmVeSWpSXmKPExsUixCmqrXty5b0og4XX5C0WHBeymPFnIrPF h4UPWRyYPZYs+ckUwBjFZZOSmpNZllqkb5fAlXHjzFW2gi6eigdtt5gaGG9ydjFycEgImEj8 6LPrYuTiEBJYzCTR2PCHEcLZyCjx9nwnM4TzjVHiwYtj7CAdbAJyEpdvBXcxcnKICERLLLn9 hgXEFhawkzi35iY7iM0ioCqx4tY6NpByXgEbidn9EiBhHgFOiYcflzGC2LwCghInZz4Ba2UW kJA4+OIF8wRGnllIUrOQpBYwMq1ilE3JrdLNTczMKU5N1i1OTszLSy3SNdTLzSzRS00p3cQI DhVJnh2MZ954HWIU4GBU4uH98ftulBBrYllxZe4hRkkOJiVRXuP+e1FCfEn5KZUZicUZ8UWl OanFhxglOJiVRHj3ygHleFMSK6tSi/JhUtIcLErivIv2740SEkhPLEnNTk0tSC2CycpwcChJ 8H5dAdQoWJSanlqRlplTgpBm4uAEGc4DNFxqJcjw4oLE3OLMdIj8KUZdjmOXp/UwC7Hk5eel SonzBoEMEgApyijNg5sDivFFn9dvesUoDvSWMO8qkCoeYHqAm/QKaAkT0JIOyTsgS0oSEVJS DYzXGBY/XHVeotU8ST/3UOfenZlbj17N8Jz65fSq5ZalDAGy13nb/93VfurGK/l6+/onL1TV wpeXTJmQyGBQsYSNYXrzmfoNMWIa9bOag9vzV+7Xd77ren+t7C/B8u4Z1mFlD909w2U1/JZ0 bjI3/rD80sO5sfO2XjVVWMsWt6M47EFmwabcuHQlluKMREMt5qLiRAA710NfzAIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ny0xx3Z51h90_-EbQ9RfKvvbgck>
Subject: [secdir] secdir review of draft-housley-suite-b-to-historic-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Apr 2018 03:51:44 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready with Nits. It's not clear to me whether there are any replacement specs for the crypto suites being declared Historic. Are the remaining crypto suites for these protocols of comparable strength and security properties? More concretely, Section 5 says: "5. Impact of Reclassifying the Suite-B-related RFCs to Historic No interoperability or security concerns are raised by reclassifing the Suite-B-related RFCs to Historic Status." It would be helpful to have some explanation. For example, is it true that none of the RFCs being moved to Historic Status is the sole specification of an algorithm or an identifier for an algorithm that we expect people to continue using? Also there's a typo: "reclassifing" should be "reclassifying". Similarly, in Section 7: "7. Security Considerations The CNSA Suite includes algorithms using the larger key sizes that are included in Suite B. There are no interoperability or security concerns raised by reclassifying the Suite-B-related RFCs to Historic Status." Will there be forthcoming specs for using CNSA Suite algorithms with these protocols? Best regards, -Taylor
- [secdir] secdir review of draft-housley-suite-b-t… Taylor Yu
- Re: [secdir] secdir review of draft-housley-suite… Paul Wouters
- Re: [secdir] secdir review of draft-housley-suite… Russ Housley
- Re: [secdir] secdir review of draft-housley-suite… Russ Housley
- Re: [secdir] secdir review of draft-housley-suite… Paul Wouters