Hi Kelley,
Burgin, Kelley W. wrote:
Thank you for the review. Comments inline below, noted with [kwb].
Kelley
-----Original Message-----
From: Alexey Melnikov [mailto:[email protected]]
Sent: Friday, June 17, 2011 6:21 PM
To: [email protected]
Cc: [email protected]; [email protected]
Subject: [Gen-art] Gen-Art Last Call Review:
draft-burgin-ipsec-suiteb-profile-00
I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
Please resolve these comments along with any other Last Call comments
you may receive.
Document: draft-burgin-ipsec-suiteb-profile-00
Reviewer: Alexey Melnikov
Review Date: 17-June-2011
IETF LC End Date: 13-July-2011
IESG Telechat
Summary: not ready, but issues are not difficult to address
Major issues:
4.3. Suite B IKEv2 Authentication
If configured at a minimum level of security of 128 bits, a system
MUST use either ECDSA-256 or ECDSA-384 for IKE authentication. It
is allowable for one party to authenticate with ECDSA-256 and the
other party to authenticate with ECDSA-384. This flexibility will
allow interoperability between an initiator and a responder that
have different sizes of ECDSA authentication keys.
Initiators and responders in a system configured at a minimum level
of security of 128 bits MUST be able to verify ECDSA-256 signatures
and SHOULD be able to verify ECDSA-384 signatures.
The last SHOULD seems to mean that at the minimum level of security of
128 bits it is possible to have a situation when a responder might be unable
to verify ECDSA-384 signatures used by an initiator.
Is this truly desirable?
[kwb] Would we like minLOS_128 devices to be able to also support the
192 bit sure, but there might be cases where they simply can't. That's
why it's a SHOULD and not a MUST.
[...]
5. Suite B Security Associations (SAs) for IKEv2 and IPsec
An initiator in a system configured at a minimum level of security
of 128 bits MUST offer one or more of the four suites:
Suite-B-GCM-128, Suite-B-GMAC-128, Suite-B-GCM-256 or
Suite-B-GMAC-256 [RFC4869bis]. Suite-B-GCM-128 and
Suite-B-GMAC-128, if offered, must appear in the IKEv2 and IPsec SA
payloads before any offerings of Suite-B-GCM-256 and
Suite-B-GMAC-256.
Does this mean that the responder needs to support all 4?
I think it does (or otherwise there is a chance of non
interoperability),
but it would be better to state that explicitly.
[kwb] I will add "A responder configured in a system at a minimum level
of security of 128 bits MUST support Suite-B-GCM-128 and
Suite-B-GMAC-128 and SHOULD support Suite-B-GCM-256 and
Suite-B-GMAC-256." To the beginning of the following paragraph.
After seeing Paul's reply and thinking a bit more about this issue I
think your additional text is fine. As there are MUST-support
requirements, that is sufficient for interoperability.
_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
