Brian, Thank you for your review (attached).
This email is a response to the issue that you raised regarding cryptographic algorithms. Please let me know whether there is something I missed, as I want to ensure that we fully address your comment in the next update of the draft. Rather than have one document for the protocol and another for algorithms, we have relied on versioning the protocol. I propose making the following changes to the document: 1. Change Section 1.2 on "Versions" to read: "There is a provision made in the syntax for an explicit version number. Only version "1.0" is currently specified. The purpose for versioning the protocol is to provide a mechanism by which changes to required cryptographic algorithms (e.g., SHA-256) and attributes (e.g., key size) can be deployed without disrupting existing implementations; likewise out-dated implementations can be de-commissioned without disrupting operations involving newer protocol versions." 2. Add the following to the Security Considerations Section 10.6 on "Miscellaneous Considerations" "Many protocols need to be algorithm agile. One reason for this is that in the past many protocols had fixed sized fields for information such as hash outputs, keys, etc. This is not the case for DSKPP, except for the key size in the computation of DSKPP-PRF. Another reason was that protocols did not support algorithm negotiation. This is also not the case for DSKPP, except for the use of SHA-256 in the MAC confirmation message. Updating the key size for DSKPP-PRF or the MAC confirmation message algorithm will require a new version of the protocol, which is supported with the Version attribute." Andrea Doherty P.S. We will also address the Nits that you raised in the next update of the draft. -----Original Message----- From: Brian E Carpenter [mailto:brian.e.carpen...@gmail.com] Sent: Wednesday, April 21, 2010 8:57 PM To: draft-ietf-keyprov-dskpp....@tools.ietf.org; General Area Review Team Subject: Gen-ART LC review of draft-ietf-keyprov-dskpp-10.txt
I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). Please resolve these comments along with any other Last Call comments you may receive. Document: draft-ietf-keyprov-dskpp-10.txt Reviewer: Brian Carpenter Review Date: 2010-04-22 IETF LC End Date: 2010-04-26 IESG Telechat date: Summary: Almost ready, one issue about algorithms. -------- Note: This is a long draft and I am not a cryptography or XML expert. I do not claim to have reviewed the draft in detail. Major issue: ------------ "3.4.3. The DSKPP Message Hash Algorithm When sending its last message in a protocol run, the DSKPP server generates a MAC that is used by the client for key confirmation. ... d. The resultant string is hashed using SHA-256 in accordance with [FIPS180-SHA]." I am concerned that this is rigidly bound to SHA-256. What happens when SHA-256 goes the way of MD-5? Shouldn't this be a pluggable algorithm? In fact there's another similar issue a few lines earlier: "For the purposes of this document, the secret key k MUST be at least 16 octets long." What would happen if that minimum needs to be raised? Looking at Section 9 (Conformance Requirements), which BTW seems to be extremely useful to implementors, I get the feeling that the point I'm raising is a bit more general. What is the method for adding and deprecating crypto algorithms in DSKPP? If the only method is by bumping up the DSKPP version number, is that going to be a blocking problem in years to come? Maybe Section 1.2 (Versions) should say something about the intent and methodology for versioning the protocol and its range of algorithms. (Full disclosure: I'm exercised about this as an author of draft-iab-extension-recs, in particular because of a pertinent recent comment that it "should specifically note that any protocol using cryptography needs to be designed to be algorithm-independent.") Nit: ---- == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: If keys generated in DSKPP will be associated with a particular...
_______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art