[secdir] secdir review of draft-ietf-jose-cfrg-curves-05
Melinda Shore <melinda.shore@gmail.com> Fri, 12 August 2016 22:42 UTC
Return-Path: <melinda.shore@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D77C012D8FD; Fri, 12 Aug 2016 15:42:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EkCm_q0efTF3; Fri, 12 Aug 2016 15:42:00 -0700 (PDT)
Received: from mail-pa0-x230.google.com (mail-pa0-x230.google.com [IPv6:2607:f8b0:400e:c03::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA9A812D843; Fri, 12 Aug 2016 15:42:00 -0700 (PDT)
Received: by mail-pa0-x230.google.com with SMTP id fi15so77821pac.1; Fri, 12 Aug 2016 15:42:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:subject:to:cc:message-id:date:user-agent:mime-version; bh=lgqfOCIHIKZ0d0Dirq6a+gGdba+DgVvXJCXsawAiR8U=; b=uLcNaDJGE8PLsH0IV3ppdBhgz/K6oypy3Sl/I8gqDfFz541bU2qOR+D+e/Gt+TaUv/ uNCmcE05OFCziwke1WAe03xNHhoSkCz1pKj0fMNBxumyE7D/oMw+LuvoZQOFC5Q2e7lT 2EunSwk1tCJyzNP4w1jDz1P+b6azSO5ckTQsYFwuyyAyxFCAA3DWNKtAWSeo9ssi1vIx VRFFawdppsHlDg5Te3FmSXj1Q7NpNCvvKsgIIN33N/gn68Zq02wQaYEY4k8ort8lfq8P ahG/mTzq5ZW9wE/HYG3baYJyq+nnq9lp5hl6mlFXKtnFBCNDot2KpSevrvygP/6hEu4s RnVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:to:cc:message-id:date:user-agent :mime-version; bh=lgqfOCIHIKZ0d0Dirq6a+gGdba+DgVvXJCXsawAiR8U=; b=jjKcznyoJ/y7hKRgbQ3eV306i1jeMzqaULOAZsTIZVkqtHUoW2L8FmrIOjtpjzH7sR vgSRFz76vs8wDLNsObc/ltkHPlPm5L4RrGotR98I25f2Y6H/jYejlwCeKam+QspNcQBi WLJ1MfKUCzrfIXYiztQT7jlPsO1vReBjVsRmiI8wqqsNr1qLWD85FgWTH3CKGGQH+9mk 0nmQiXLXFmT8PstcgKeEuUr+zmu/FFWZWQaJ7RkYwtouXrlqpgv9DH/vpyOteYISMiV3 8cvVq/EtUK+lDFk3enrWDc590JIul8KODGev9TkUZW2yrAknp4CnCptvBzY5tFbFPuYe xmHg==
X-Gm-Message-State: AEkoouv5XKwZbwn1vUXpgLl8fP/DFtYqSfNzfuUlSNsmCVpe2APhp655Morstw1Sqh3elg==
X-Received: by 10.66.25.135 with SMTP id c7mr30940474pag.24.1471041720234; Fri, 12 Aug 2016 15:42:00 -0700 (PDT)
Received: from Melindas-MacBook-Pro.local (216-67-79-200-radius.dynamic.acsalaska.net. [216.67.79.200]) by smtp.googlemail.com with ESMTPSA id i62sm15402756pfg.62.2016.08.12.15.41.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Aug 2016 15:41:59 -0700 (PDT)
From: Melinda Shore <melinda.shore@gmail.com>
To: draft-ietf-jose-cfrg-curves.all@ietf.org
Message-ID: <ca99da3c-ff2e-798d-aa3a-27d435a4e096@gmail.com>
Date: Fri, 12 Aug 2016 14:41:56 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="AF63xiqGpvrh5rkxWOhUPVDSOSBD9TiMv"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/vRIqq4C9A-3PJ4yghvJLbhPhuus>
Cc: secdir@ietf.org
Subject: [secdir] secdir review of draft-ietf-jose-cfrg-curves-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Aug 2016 22:42:03 -0000
[Note: I was assigned draft-ietf-jose-cfrg-curves-03 but have reviewed the most recent revision] This document defines how to use the Diffie-Hellman algorithms "X25519" and "X448" as well as the signature algorithms "Ed25519" and "Ed448" from the IRTF CFRG elliptic curves work in JOSE, and in doing so introduces new a key type and subtypes, and specifies registry additions. Section 3 specifies the application of the algorithms within the JOSE framework. Summary: ready, with very minor nits on formal publication requirements I do not have the cryptographic chops to perform a cryptographic review of this draft. The algorithms being added to JOSE in this document are specified in a CFRG deliverable (https://datatracker.ietf.org/doc/draft-irtf-cfrg-eddsa/), which is currently under development (that is to say, mature but not completed). I am satisfied that this document pays heed to the security considerations in the CFRG document. The document appears complete and ready with respect to the needs of someone implementing this specification. Nits: normative reference to an informational RFC (7748) normative reference to an informational draft (draft-irtf-cfrg-eddsa) later version of draft-irtf-cfrg-eddsa has been published missing reference: "RFC-THIS" in IANA Considerations section Melinda
- [secdir] secdir review of draft-ietf-jose-cfrg-cu… Melinda Shore