Re: [tcpinc] Secdir telechat review of draft-ietf-tcpinc-tcpcrypt-09

Kathleen Moriarty <> Sun, 12 November 2017 05:19 UTC



Thank you for your review.


On Sun, Nov 12, 2017 at 12:16 AM, Barry Leiba <> wrote:
> Reviewer: Barry Leiba
> Review result: Has Issues
> I’ve looked at Stephen Kent’s review and the discussion thereof, and have
> little to add to that.  A couple of small things:
> 1. Section 3 says that the subsections “describes the tcpcrypt protocol at an
> abstract level.”  There is no sense in which this description is abstract, and
> I’d prefer that we not try to say it is, because that gives a reader an
> expectation that it will be high-level, and perhaps even non-normative.  Maybe
> this?:
>    This section provides details of the operation of the tcpcrypt protocol.
>    The wire format of all messages is specified in Section 4.
> 2. In Section 7 (IANA), you say:
>    Tcpcrypt's TEP identifiers will need to be incorporated in IANA's
>    "TCP encryption protocol identifiers" registry under the
>    "Transmission Control Protocol (TCP) Parameters" registry
> I can find no such registry.  Can you help me here, maybe give me a URL?
> Also, with respect to the new “tcpcrypt AEAD Algorithm” registry:
>    Future assignments are to be made under the "RFC Required" policy
> Note that that policy allows for assignments to be made in any RFC stream,
> which includes the IRTF, the IAB, and the Independent Stream.  Do you really
> want people to be able to send documents to the Independent Stream Editor, and
> to have them published and make assignments with minimal review?
> You might consider whether “IETF Review” is more appropriate.  That allows RFCs
> of any type (Standards Track, Informational, Experimental, BCP), but requires
> that they be in the IETF stream and have a formal IETF last call.
> It will also help IANA if you make it clear what the valid range of values is
> for the “Value” column.  Is 0x0000 valid?  Is 0xFFFF the maximum?  Explicitly
> saying that values must be in the range 0x0001 to 0xFFFF inclusive will be
> helpful.  (I say this with particular note that you changed how the Value field
> is specified between -07 and -09, so this clearly has not even been clear to
> the spec developers.)


Best regards,