Hello. I have reviewed this document, and it looks to be in good shape. Two minor comments:
1) The security considerations should reference draft-irtf-cfrg-eddsa for security considerations. Both CFRG-EDDSA and RFC 7748 refer to the expected security level of Ed25519 as "around 128-bit" which reads somewhat better than "slightly under" in my mind. Citing only the security level characteristics (incorrectly) give the reader an impression that Ed448 is "more secure" than Ed25519. More, or less, context is required to give the reader a proper understanding. I suggest to reword the entire security considerations as follows. The third paragraph below is a direct quote from CFRG-EDDSA. Ed25519 and Ed448 offers improved security properties and implementation characteristics compared to RSA and ECDSA algorithms, and the introduction of these algorithms are thus expected to improve security of DNSSEC. The security considerations of [CFRG-EDDSA] and [RFC7748] are inherited in the usage of Ed25519 and Ed448 in DNSSEC. Ed25519 is intended to operate at around the 128-bit security level, and Ed448 at around the 224-bit security level. A sufficiently large quantum computer would be able to break both. Reasonable projections of the abilities of classical computers conclude that Ed25519 is perfectly safe. Ed448 is provided for those applications with relaxed performance requirements and where there is a desire to hedge against analytical attacks on elliptic curves. These assessments could, of course, change in the future if new attacks that work better than the ones known today are found. 2) Section 9 "Implementation Status" does not seem useful. Thanks, /Simon Ondřej Surý <ondrej.s...@nic.cz> writes: > Dear colleagues, > > this is just a refresh to keep the draft going > as we are still waiting for irtf-cfrg-eddsa, but > that looks like it's in IESG Review, so it might > be a good time to have a final look and send the > comments to /me or Robert or curdle WG mailing list. > > 1. https://datatracker.ietf.org/doc/draft-irtf-cfrg-eddsa/ > > Cheers, > -- > Ondřej Surý -- Technical Fellow > -------------------------------------------- > CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC > Milesovska 5, 130 00 Praha 3, Czech Republic > mailto:ondrej.s...@nic.cz https://nic.cz/ > -------------------------------------------- > > ----- Forwarded Message ----- > From: internet-dra...@ietf.org > To: i-d-annou...@ietf.org > Cc: cur...@ietf.org > Sent: Monday, 10 October, 2016 15:46:46 > Subject: [Curdle] I-D Action: draft-ietf-curdle-dnskey-eddsa-01.txt > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the CURves, Deprecating and a Little more > Encryption of the IETF. > > Title : EdDSA for DNSSEC > Authors : Ondrej Sury > Robert Edmonds > Filename : draft-ietf-curdle-dnskey-eddsa-01.txt > Pages : 8 > Date : 2016-10-10 > > Abstract: > This document describes how to specify EdDSA keys and signatures in > DNS Security (DNSSEC). It uses the Edwards-curve Digital Security > Algorithm (EdDSA) with the choice of two curves, Ed25519 and Ed448. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-curdle-dnskey-eddsa/ > > There's also a htmlized version available at: > https://tools.ietf.org/html/draft-ietf-curdle-dnskey-eddsa-01 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-curdle-dnskey-eddsa-01 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > Curdle mailing list > cur...@ietf.org > https://www.ietf.org/mailman/listinfo/curdle > > _______________________________________________ > Curdle mailing list > cur...@ietf.org > https://www.ietf.org/mailman/listinfo/curdle
signature.asc
Description: PGP signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop