Re: [Gen-art] Gen-ART LC review of draft-ietf-keyprov-dskpp-10.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 23 April 2010 21:06 UTC

Andrea,

That would help a lot, in my opinion.

The one remaining question is whether anything can be said about
backwards compatibility. But as we know from (e.g.) SSL/TLS experience,
allowing negotiation down to deprecated algorithms can be viewed
as a weakness. Maybe there is nothing useful you can say in Version 1
about backwards compatibility for Version 2.

Thanks
   Brian

On 2010-04-24 08:48, andrea.doherty@rsa.com wrote:
> Brian,
> 
> Thank you for your review (attached).  
> 
> This email is a response to the issue that you raised regarding cryptographic algorithms.  Please let me know whether there is something I missed, as I want to ensure that we fully address your comment in the next update of the draft.
> 
> Rather than have one document for the protocol and another for algorithms, we have relied on versioning the protocol. I propose making the following changes to the document:
> 
> 1. Change Section 1.2 on "Versions" to read:
> 
> "There is a provision made in the syntax for an explicit version number.  Only version "1.0" is currently specified.
> 
> The purpose for versioning the protocol is to provide a mechanism by which changes to required cryptographic algorithms (e.g., SHA-256) and attributes (e.g., key size) can be deployed without disrupting existing implementations; likewise out-dated implementations can be de-commissioned without disrupting operations involving newer protocol versions."
> 
> 2. Add the following to the Security Considerations Section 10.6 on "Miscellaneous Considerations"
> 
> "Many protocols need to be algorithm agile.  One reason for this is that in the past many protocols had fixed sized fields for information such as hash outputs, keys, etc.  This is not the case for DSKPP, except for the key size in the computation of DSKPP-PRF. Another reason was that protocols did not support algorithm negotiation.  This is also not the case for DSKPP, except for the use of SHA-256 in the MAC confirmation message.  Updating the key size for DSKPP-PRF or the MAC confirmation message algorithm will require a new version of the protocol, which is supported with the Version attribute."
> 
> Andrea Doherty
> P.S. We will also address the Nits that you raised in the next update of the draft.
> 
> -----Original Message-----
> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com] 
> Sent: Wednesday, April 21, 2010 8:57 PM
> To: draft-ietf-keyprov-dskpp.all@tools.ietf.org; General Area Review Team
> Subject: Gen-ART LC review of draft-ietf-keyprov-dskpp-10.txt
> 
> 
> 
>