ietf

Re: Review of draft-ietf-curdle-dnskey-eddsa-02 (Als was: Secdir review of draft-ietf-curdle-dnskey-eddsa-02)

2016-12-17 11:15:13
Same here. Thank you!
/M

On Fri, Dec 16, 2016 at 11:11 PM, Dan Romascanu <dromasca(_at_)gmail(_dot_)com> wrote:
Thank you for addressing my comments.

Regards,

Dan


On Sat, Dec 17, 2016 at 9:01 AM, Ondřej Surý <ondrej(_dot_)sury(_at_)nic(_dot_)cz> wrote:

Hi all,

the IETF review has ended, so I have uploaded the -03 version.

Magnus, Dan,

the -03 version addresses all your comments.

Tim,

I left the irtf documents in Normative as per Stephan's comments.

I believe that Section 8 correctly references the IANA registry:

http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
by its name.

The paragraph with the nit has been removed altogether per Magnus's request.

Thank you all very much for the reviews.

Cheers,
--
 Ondřej Surý -- Technical Fellow
 --------------------------------------------
 CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
 Milesovska 5, 130 00 Praha 3, Czech Republic
 mailto:ondrej(_dot_)sury(_at_)nic(_dot_)cz    https://nic.cz/
 --------------------------------------------

----- Original Message -----
From: "Ondřej Surý" <ondrej(_dot_)sury(_at_)nic(_dot_)cz>
To: "Magnus Nyström" <magnusn(_at_)gmail(_dot_)com>, "Dan Romascanu"
<dromasca(_at_)gmail(_dot_)com>
Cc: "secdir" <secdir(_at_)ietf(_dot_)org>, "draft-ietf-curdle-dnskey-eddsa"
<draft-ietf-curdle-dnskey-eddsa(_at_)ietf(_dot_)org>, "gen-art"
<gen-art(_at_)ietf(_dot_)org>, "ietf" <ietf(_at_)ietf(_dot_)org>, 
"curdle-chairs"
<curdle-chairs(_at_)ietf(_dot_)org>, "curdle" <curdle(_at_)ietf(_dot_)org>
Sent: Monday, 12 December, 2016 10:38:35
Subject: Re: Review of draft-ietf-curdle-dnskey-eddsa-02 (Als was:
Secdir review of draft-ietf-curdle-dnskey-eddsa-02)

Magnus and Dan,

thanks for the review.

Magnus, you are right, I have removed the first full paragraph
about "security properties" from Security Considerations
from my git version as the security properties of EdDSA
are better described in Normative references anyway.


https://gitlab.labs.nic.cz/labs/ietf/commit/7b52c8e2bbe44042a279a81b960270fdd103d9a2

Dan,

good catches, I fixed the nits in the git:


https://gitlab.labs.nic.cz/labs/ietf/commit/bbfc7ce43fb1f46c91fb7f5de564d907d035aadf

I would be happy to upload the next revision after Last Call
is finished or just let the RFC editors fix it.

Cheers,
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej(_dot_)sury(_at_)nic(_dot_)cz    https://nic.cz/
--------------------------------------------

----- Original Message -----
From: "Magnus Nyström" <magnusn(_at_)gmail(_dot_)com>
To: secdir(_at_)ietf(_dot_)org, "draft-ietf-curdle-dnskey-eddsa"
<draft-ietf-curdle-dnskey-eddsa(_at_)ietf(_dot_)org>
Sent: Monday, 12 December, 2016 02:44:18
Subject: Secdir review of draft-ietf-curdle-dnskey-eddsa-02

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes how to use two specific Edwards Curves
(Elliptic Curves) in conjunction with DNSSEC, namely ed25519 and
ed448.

The only comment I have on this document is that the Security
Considerations section plainly states, without any reference or proof:

"Ed25519 and Ed448 offers improved security properties and
implementation characteristics compared to RSA and ECDSA algorithms"

I suggest either adding references to proofs of these statements or
alternatively just remove the sentence (since it doesn't really add
anything to the memo); the remaining paragraphs in the Security
Considerations section are what really cover what someone implementing
the memo should know or be aware of.

-- Magnus

~~~~

----- Original Message -----
From: "Dan Romascanu" <dromasca(_at_)gmail(_dot_)com>
To: gen-art(_at_)ietf(_dot_)org
Cc: "draft-ietf-curdle-dnskey-eddsa all"
<draft-ietf-curdle-dnskey-eddsa(_dot_)all(_at_)ietf(_dot_)org>, "curdle"
<curdle(_at_)ietf(_dot_)org>,
ietf(_at_)ietf(_dot_)org
Sent: Sunday, 11 December, 2016 12:21:25
Subject: Review of draft-ietf-curdle-dnskey-eddsa-02

Reviewer: Dan Romascanu
Review result: Ready with Nits

Summary: Ready, with nits

I am not an expert in this field, but the document seems to meet its
goals, it's clear and precise.

Major issues:

Minor issues:

Nits/editorial comments:

1. Section 4: s/Section5.1.7/Sections 5.1.7/

2. Section 8: 'The following entry has been added to
  the registry' - I may be wrong, but the section seems to define two
new entries in the registry rather than one





-- 
-- Magnus