[secdir] secdir review of draft-kanno-tls-camellia
Sandra Murphy <Sandra.Murphy@sparta.com> Tue, 12 April 2011 16:42 UTC
Return-Path: <Sandra.Murphy@cobham.com>
X-Original-To: secdir@ietfc.amsl.com
Delivered-To: secdir@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 9858FE0835; Tue, 12 Apr 2011 09:42:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZSRSN9vVd5wl; Tue, 12 Apr 2011 09:42:25 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfc.amsl.com (Postfix) with ESMTP id C3E51E072E; Tue, 12 Apr 2011 09:42:25 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id p3CGgOuS032685; Tue, 12 Apr 2011 11:42:24 -0500
Received: from mailbin2.ads.sparta.com (mailbin.sparta.com [157.185.85.6]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id p3CGgO2t023897; Tue, 12 Apr 2011 11:42:25 -0500
Received: from SMURPHY-LT.columbia.ads.sparta.com ([65.38.193.21]) by mailbin2.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Tue, 12 Apr 2011 12:42:24 -0400
Date: Tue, 12 Apr 2011 12:42:24 -0400
From: Sandra Murphy <Sandra.Murphy@sparta.com>
To: secdir@ietf.org, draft-kanno-tls-camellia@tools.ietf.org
Message-ID: <Pine.WNT.4.64.1104121206030.5412@SMURPHY-LT.columbia.ads.sparta.com>
X-X-Sender: sandy@mailbin.sparta.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-OriginalArrivalTime: 12 Apr 2011 16:42:24.0759 (UTC) FILETIME=[99FF6870:01CBF930]
Cc: iesg@ietf.org
Subject: [secdir] secdir review of draft-kanno-tls-camellia
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2011 16:42:26 -0000
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
This document adds new cipher suites to TLS that include the use of the
Camilla algorithm.
The document follows the format of other documents that have defined
cipher suites to TLS. In most cases the text just points to those other
documents.
It is entirely possible that with sufficient time to study the 9 or 10
references that point to the definition of other cipher suites being cited
as models for these cipher suites, I'd be able to view the document as
obvious. Unfortunately I had neither the experience nor the time for
sufficient study. So I found the text not clear about what other cipher
suites were being invoked as models for the suites here.
The security consideration section points to the sections in seven other
similar documents. I have not been able to review that list of security
considerations sections to see that they adequately cover the concers for
this algorithm. But as this document is not proposing any novel new
combinations of security features and (according to the document, not me)
Camilla is very similar to AES, I presume that security considerations are
adequately covered. I know of no security concerns specific to Camilla.
The language in section 3 (cipher suite definitions) makes frequent
mention of the way similar suites are defined elsewhere. As a person who
is not au courant on cipher suites, I did not find the language obvious.
Advanced Encryption Standard (AES) [20] authenticated encryption with
additional data algorithms, AEAD_AES_128_GCM and AEAD_AES_256_GCM are
described in RFC5116 [8]. And AES GCM cipher suites for TLS are
described in RFC5288 [10]. AES and Camellia share common
characteristics including key sizes and block length.
CAMELLIA_128_GCM and CAMELLIA_256_GCM are defined according as those
of AES.
I believe that the authors mean that the definitions of the Cammilla
suites are the same as in section 5.1 and 5.2 of 5116 and section 3 of
5288, with appropriate substitution of "Camilla" for "AES", but I am not
sure which of the cipher suites in 2.1, 2.2 and 2.3 of this document are
included. Particularly as the PSK suites listed in 2.3 would seem to be
described in section 3.4 with reference to entirely other documents.
Perhaps someone more experienced with cipher suites would think this was
obvious, but I could have used a more explicit mapping between the suites
defined here and the suites from which the descriptions are being
borrowed.
Section 3.4 is particularly opaque to my inexperienced eyes as to the
mapping between these cipher suites and the similar cipher suites whose
descriptiosn are being borrowed:
PSK cipher suites for TLS are described in RFC4279 [5], RFC4785 [7],
RFC5487 [12], and RFC5489 [13].
That is the complete description of the suites.
Which ref applies to which suite in this document?
--Sandy
- [secdir] secdir review of draft-kanno-tls-camellia Sandra Murphy
- Re: [secdir] secdir review of draft-kanno-tls-cam… Satoru Kanno