[saag] AD review of draft-iab-crypto-alg-agility-06

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 17 July 2015 17:18 UTC

Message-ID: <55A938F1.9090404@cs.tcd.ie>
Date: Fri, 17 Jul 2015 18:18:41 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: "saag@ietf.org" <saag@ietf.org>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/260I2fxhfeX3tBd-cc355tI8Y0Y>
Subject: [saag] AD review of draft-iab-crypto-alg-agility-06
Precedence: list

Hiya,

Russ has asked me to start IETF last call for this draft and I
plan to do that shortly. For WG drafts I usually post an AD
review before doing so, and that's below. I don't think any of
my comments need to be processed before starting LC so these
should be considered along with other last call comments
received.

Cheers,
S.

[1] https://tools.ietf.org/html/draft-iab-crypto-alg-agility-06


Don't be put off by the filename, this is being proposed for the
IETF stream as a BCP.

intro, 3rd para: are we saying that agility is achieved when a
protocol (specification) can easliy migrate from one suite to a
better one, or when a deployment can easily migrate? The current
text implies the former, but I'm not sure if we'd be better off
aiming more for the latter.

2.1: "Algorithm identifiers, on the other hand, impose a burden on
implementations by forcing a determination at run-time regarding
which algorithm combinations are acceptable." Here you mean IPsec
style or chinese menu style alg ids. Do we need to make sure that
alg id and suite id are used consistently throughout as one or the
other but not both, and do we need a new term that means either? (I
find this clear enough, but I'm not sure if it might confuse some
readers.)

2.3: "a mechanism is needed to determine whether the new algorithm
has been deployed" I think that's overstated, maybe
s/needed/desirable/ would be better?  (maybe with a bit more
wordsmithing)

2.4: The SHOULD for integrity only applies when the negotiation is
done over the network, but some "selection" methods might not need
protocol integrity mechanisms. Maybe drop "selection" there?

2.4: Maybe join paras 2 and 3, para 2 alone reads a little oddly

2.9: I'm not really a fan of blessing weaker algs for OS, but I lost
that argument before. I wonder if we would get consensus if this
said that weak algs are better than no encryption but still MUST be
deprecated as soon as feasible?

3.1, 1st para: I think this could do with some more editing.

3.2: "some people say" is a bit too weasel-wordy

3.2: the second para here is repetition, I think you could delete
all or almost all of that

4: "eliminate the cruft" - yes, I like that:-)

general: there are some typos throughout, another pass to fix those
would be good but I didn't have time to note them all sorry

[saag] AD review of draft-iab-crypto-alg-agility-… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Paul Hoffman
Re: [saag] AD review of draft-iab-crypto-alg-agil… Black, David
Re: [saag] AD review of draft-iab-crypto-alg-agil… Kathleen Moriarty
Re: [saag] AD review of draft-iab-crypto-alg-agil… Eliot Lear
Re: [saag] AD review of draft-iab-crypto-alg-agil… Derek Atkins
Re: [saag] AD review of draft-iab-crypto-alg-agil… Watson Ladd
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… ianG
Re: [saag] AD review of draft-iab-crypto-alg-agil… Black, David
Re: [saag] AD review of draft-iab-crypto-alg-agil… Black, David
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… ianG
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Christian Huitema
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Kathleen Moriarty
Re: [saag] AD review of draft-iab-crypto-alg-agil… Martin Thomson
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Kathleen Moriarty
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… David Misell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Peter Gutmann
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Peter Gutmann
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Peter Gutmann
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Kathleen Moriarty
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Kathleen Moriarty
Re: [saag] AD review of draft-iab-crypto-alg-agil… Martin Thomson
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Yoav Nir
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Paterson, Kenny
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Stephen Farrell
Re: [saag] AD review of draft-iab-crypto-alg-agil… Paterson, Kenny
Re: [saag] AD review of draft-iab-crypto-alg-agil… Peter Gutmann
Re: [saag] AD review of draft-iab-crypto-alg-agil… Eliot Lear
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Derek Atkins
Re: [saag] AD review of draft-iab-crypto-alg-agil… Martin Thomson
Re: [saag] AD review of draft-iab-crypto-alg-agil… Watson Ladd
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Martin Thomson
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Joel Sing
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Eliot Lear
Re: [saag] AD review of draft-iab-crypto-alg-agil… Eliot Lear
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Eliot Lear
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Salz, Rich
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Christian Huitema
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Watson Ladd
Re: [saag] AD review of draft-iab-crypto-alg-agil… Nico Williams
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Derek Atkins
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley
Re: [saag] AD review of draft-iab-crypto-alg-agil… Viktor Dukhovni
Re: [saag] AD review of draft-iab-crypto-alg-agil… Russ Housley