[secdir] secdir review of draft-kivinen-ipsecme-ikev2-rfc5996bis-02

"Scott G. Kelly" <scott@hyperthought.com> Fri, 18 April 2014 13:50 UTC

Date: Fri, 18 Apr 2014 06:50:32 -0700
From: "Scott G. Kelly" <scott@hyperthought.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-kivinen-ipsecme-ikev2-rfc5996bis.all@tools.ietf.org
Message-ID: <1397829032.33926049@apps.rackspace.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/Us4t1JWZUaFxzSi6wOnaEnaJZUE

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This is an update to RFC5996 (IKEv2). According to the document, it makes the following changes:

   Fixed section 3.6 and 3.10 as specified in the RFC5996 errata 2707
   and 3036.

   Removed Raw RSA Public keys.  There is new work ongoing to replace
   that with more generic format for generic raw public keys.

   Added reference to the RFC6989 when using non Sophie-Germain Diffie-
   Hellman groups, or when reusing Diffie-Hellman Exponentials.

   Added reference to the RFC4945 in the Identification Payloads
   section.

   Added IANA Considerations section note about removing the Raw RSA
   Key, and removed the old contents which was already done during
   RFC5996 processing.  Added note that IANA should update IKEv2
   registry to point to this document instead of RFC5996.

   Clarified that the intended status of this document is Internet
   Standard both in abstract and Introduction section.

   Added name Last Substruc for the Proposal and Transform Substructure
   header for the 0 (last) or 2/3 (more) field.

Based on the well-known and well-respected collection of authors, I think it is safe to conclude that ample consideration has been given to all things security in this one. I see nothing in the above list that makes me think otherwise.

--Scott
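As an added illustration of the Last Substruc field named in the draft's changelog (example code written for this page, not taken from the draft, from RFC 5996 or from the reviewer): a parser for the Proposal and Transform Substructures of an IKEv2 SA payload that rejects a payload whose Last Substruc flags (0 = last, 2 = more proposals, 3 = more transforms) disagree with the Num Transforms count or with the length fields, instead of trusting either one. The field layout follows RFC 5996 section 3.3; the sample SA payload is constructed by hand for the example, and the helper names (build_proposal, build_transform, validate) are this example's own.

```python
"""IKEv2 SA payload parser with Last Substruc / length cross-checks.

Added example; field layouts per RFC 5996 section 3.3.  Sample data is
constructed here, not captured from a real exchange.
"""
import struct

LAST, MORE_PROPOSALS, MORE_TRANSFORMS = 0, 2, 3      # Last Substruc values
TRANSFORM_TYPES = {1: "ENCR", 2: "PRF", 3: "INTEG", 4: "D-H", 5: "ESN"}
ATTR_KEY_LENGTH = 14                                  # only TV attribute in RFC 5996


class MalformedSA(ValueError):
    """Payload violates the substructure encoding rules."""


def _parse_attributes(data, off, end):
    """Parse Transform Attributes in data[off:end] into {type: value}."""
    attrs = {}
    while off < end:
        if end - off < 4:
            raise MalformedSA("truncated attribute header")
        af_type, value = struct.unpack_from("!HH", data, off)
        atype, off = af_type & 0x7FFF, off + 4
        if af_type >> 15:                  # AF=1: TV format, value is the field itself
            attrs[atype] = value
        else:                              # AF=0: TLV format, field is the value length
            if off + value > end:
                raise MalformedSA("attribute length runs past transform")
            attrs[atype] = data[off:off + value]
            off += value
    return attrs


def _parse_transforms(data, off, end, count):
    """Parse exactly `count` transforms; Last Substruc must match the count."""
    transforms = []
    for i in range(count):
        if end - off < 8:
            raise MalformedSA("truncated transform header")
        last, _r, tlen, ttype, _r2, tid = struct.unpack_from("!BBHBBH", data, off)
        if tlen < 8 or off + tlen > end:
            raise MalformedSA("bad transform length %d" % tlen)
        expected = LAST if i == count - 1 else MORE_TRANSFORMS
        if last != expected:
            raise MalformedSA("transform %d: Last Substruc %d, expected %d" % (i, last, expected))
        attrs = _parse_attributes(data, off + 8, off + tlen)
        transforms.append({"type": TRANSFORM_TYPES.get(ttype, ttype), "id": tid, "attrs": attrs})
        off += tlen
    if off != end:
        raise MalformedSA("trailing bytes after last transform")
    return transforms


def parse_sa_payload(body):
    """Parse an SA payload body (after the generic payload header) into proposals."""
    proposals, off, last = [], 0, None
    while off < len(body):
        if len(body) - off < 8:
            raise MalformedSA("truncated proposal header")
        last, _r, plen, pnum, proto, spi_size, ntrans = struct.unpack_from("!BBHBBBB", body, off)
        if plen < 8 or off + plen > len(body):
            raise MalformedSA("bad proposal length %d" % plen)
        if last not in (LAST, MORE_PROPOSALS):
            raise MalformedSA("proposal %d: Last Substruc %d" % (pnum, last))
        spi_end = off + 8 + spi_size
        if spi_end > off + plen:
            raise MalformedSA("SPI runs past proposal")
        transforms = _parse_transforms(body, spi_end, off + plen, ntrans)
        proposals.append({"num": pnum, "protocol": proto, "spi": body[off + 8:spi_end],
                          "transforms": transforms})
        off += plen
        if last == LAST and off != len(body):
            raise MalformedSA("data after proposal marked last")
    if last != LAST:                       # empty body or final proposal says "more"
        raise MalformedSA("final proposal not marked last")
    return proposals


def validate(body):
    """None if body parses cleanly, else the reason it was rejected."""
    try:
        parse_sa_payload(body)
    except MalformedSA as e:
        return str(e)
    return None


# --- constructed sample data (helper builders are this example's own) ---
def build_transform(last, ttype, tid, key_len=None):
    attrs = b"" if key_len is None else struct.pack("!HH", 0x8000 | ATTR_KEY_LENGTH, key_len)
    return struct.pack("!BBHBBH", last, 0, 8 + len(attrs), ttype, 0, tid) + attrs


def build_proposal(last, num, proto, spi, transforms):
    body = b"".join(transforms)
    hdr = struct.pack("!BBHBBBB", last, 0, 8 + len(spi) + len(body), num, proto, len(spi), len(transforms))
    return hdr + spi + body


# IKE proposal: AES-CBC-256, PRF-HMAC-SHA2-256, HMAC-SHA2-256-128, 2048-bit MODP
SAMPLE_SA = build_proposal(LAST, 1, 1, b"", [
    build_transform(MORE_TRANSFORMS, 1, 12, key_len=256),
    build_transform(MORE_TRANSFORMS, 2, 5),
    build_transform(MORE_TRANSFORMS, 3, 12),
    build_transform(LAST, 4, 14),
])
# Single transform flagged "more transforms" while Num Transforms says 1
BAD_LAST_SA = build_proposal(LAST, 1, 1, b"", [build_transform(MORE_TRANSFORMS, 4, 14)])
```

The point of cross-checking is that a receiver has three partly redundant signals (Last Substruc, Num Transforms, the length fields) and an implementation that trusts only one of them can be walked past the end of the buffer or into an attacker-chosen parse; rejecting any disagreement keeps the parser's view of the payload consistent with the sender's.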