Re: [TLS] [Gen-art] Genart telechat review of draft-ietf-tls-ecdhe-psk-aead-04

Joseph Salowey <joe@salowey.net> Wed, 24 May 2017 21:29 UTC

Hi Dan and Alissa,

There has been some churn in the text of the document due to my oversight
when sending the document to the IESG. The proposed new text provided
below should also resolve your comment. Please let me know if you see
any issues with this approach.

Thanks,

Joe

Replacing section 4:


   The cipher suites defined in this document MUST NOT be negotiated for
   any version of (D)TLS other than TLS 1.2.  Servers MUST NOT select
   one of these cipher suites when selecting TLS version other than TLS
   1.2.  A client MUST treat the selection of these cipher suites in
   combination with a different version of TLS as an error and generate
   a fatal 'illegal_parameter' TLS alert.

   Cipher suites TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
   TLS_AES_128_CCM_8_SHA256 and TLS_AES_128_CCM_SHA256 are used to
   support equivalent functionality in TLS 1.3 [I-D.ietf-tls-tls13].




On Wed, May 24, 2017 at 8:15 AM, Alissa Cooper <alissa@cooperw.in> wrote:

> Dan, thank you for your reviews of this document and thanks to the authors
> for providing clarifications. I have balloted No Objection.
>
> Alissa
>
> > On May 19, 2017, at 6:43 PM, Dan Romascanu <dromasca@gmail.com> wrote:
> >
> > Reviewer: Dan Romascanu
> > Review result: Ready
> >
> > I am the assigned Gen-ART reviewer for this draft. The General Area
> > Review Team (Gen-ART) reviews all IETF documents being processed
> > by the IESG for the IETF Chair. Please wait for direction from your
> > document shepherd or AD before posting a new version of the draft.
> >
> > For more information, please see the FAQ at
> >
> > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> >
> > Document: draft-ietf-tls-ecdhe-psk-aead-??
> > Reviewer: Dan Romascanu
> > Review Date: 2017-05-19
> > IETF LC End Date: 2017-05-18
> > IESG Telechat date: 2017-05-25
> >
> > Summary:
> >
> > This is a straight-forward and clear document that defines several new
> > cipher suites for the Transport Layer Security (TLS) protocol version
> > 1.2 and higher, based on the Ephemeral Elliptic Curve Diffie-Hellman
> > with Pre-Shared Key (ECDHE_PSK) key exchange together with the
> > Authenticated Encryption with Associated Data (AEAD) algorithms
> > AES-GCM and AES-CCM. The document is well written and I appreciate the
> > effort to clarify in the Introduction the context, what was missing,
> > and why the document is necessary. One issue raised in my initial
> > review for draft-03 was addressed, discussed and draft-04 includes
> > useful clarification text.
> >
> > The document is Ready
> >
> > Major issues:
> >
> > Minor issues:
> >
> > Nits/editorial comments:
>
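
The client-side rule in the proposed section 4 text above can be checked directly on a received ServerHello. This is an added example, not part of the original message or the draft; it covers TLS only (not DTLS), the 0xD0xx code points are the ones assigned to these suites in the published RFC 8442 and do not appear on this page, and all function names are hypothetical.

```python
import struct

# ECDHE_PSK AEAD code points as assigned in RFC 8442 (assumption: not on the page).
ECDHE_PSK_AEAD = {0xD001, 0xD002, 0xD003, 0xD005}
TLS12, EXT_SUPPORTED_VERSIONS = 0x0303, 43
ALERT_ILLEGAL_PARAMETER, ALERT_DECODE_ERROR = 47, 50

class FatalAlert(Exception):
    """Carries the TLS alert description the client would send before closing."""
    def __init__(self, description, reason):
        super().__init__(reason)
        self.description = description

def parse_server_hello(msg):
    """Return (negotiated_version, cipher_suite) from a ServerHello handshake message."""
    try:
        if msg[0] != 2 or int.from_bytes(msg[1:4], "big") != len(msg) - 4:
            raise ValueError("not a well-formed ServerHello")
        version, = struct.unpack_from("!H", msg, 4)   # legacy_version
        pos = 4 + 2 + 32                              # header, version, random
        pos += 1 + msg[pos]                           # skip session_id
        suite, = struct.unpack_from("!H", msg, pos)
        pos += 3                                      # cipher_suite + compression
        if pos < len(msg):                            # optional extensions block
            end = pos + 2 + struct.unpack_from("!H", msg, pos)[0]
            pos += 2
            while pos + 4 <= end:
                ext_type, ext_len = struct.unpack_from("!HH", msg, pos)
                if ext_type == EXT_SUPPORTED_VERSIONS and ext_len == 2:
                    version, = struct.unpack_from("!H", msg, pos + 4)  # TLS 1.3+
                pos += 4 + ext_len
    except (IndexError, struct.error, ValueError) as exc:
        raise FatalAlert(ALERT_DECODE_ERROR, str(exc))
    return version, suite

def check_server_hello(msg):
    """Apply the section 4 rule: these suites are only valid with TLS 1.2."""
    version, suite = parse_server_hello(msg)
    if suite in ECDHE_PSK_AEAD and version != TLS12:
        raise FatalAlert(ALERT_ILLEGAL_PARAMETER,
                         f"suite {suite:#06x} selected with version {version:#06x}")
    return version, suite

def build_server_hello(version, suite, extensions=b""):
    """Constructed sample input: minimal ServerHello with an empty session_id."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    return b"\x02" + len(body).to_bytes(3, "big") + body
```

The negotiated version is taken from the supported_versions extension when present, because a TLS 1.3 ServerHello still carries 0x0303 in legacy_version and would otherwise pass the check.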