
RE: FIPS 186 and X9.42: One of these things is not like the other



John:

At 12:57 PM 11/22/99 -0800, John C. Kennedy wrote:
1. With all due respect, saying that I have been "out of the loop" is not
quite correct.  I have continued to track the output of both X9F1 and IETF
with regard to X9.42 and DH for the last couple of years. I have copies
of X9.42 drafts up through February 1999.  One does not have to be "in the
loop" to see the inconsistencies I have pointed out.

2. The PKIX "son-of-2459" work, of which mostly only the ASN.1 portion of
X9.42 is relevant, is probably correct.  What is a bigger problem is that
RFC 2631 (Diffie-Hellman Key Agreement Method) by Eric Rescorla references
a 1998 draft. The related drafts, <draft-ietf-smime-small-subgroup-02.txt>
and <draft-ietf-pkix-dhpop-02.txt>, reference RFC 2631.  Is there proper
alignment in these works with the current state of X9.42?  I don't think
so.  How would the larger IETF community know if they were?  Is ANSI
keeping all these authors "in the loop"?

3. FIPS 186-1 on DSA and rDSA is a good example.  If the X9.42
specification had been kept as simple as FIPS 186 we wouldn't be where we
are now.  It is unfortunate that crypto-politics and other machinations
did not allow NIST to handle this work independent of ANSI from the
beginning.

1. I apologize. You certainly have not taken an active role in the IETF or X9F1 for the last few years. I am glad to hear that you have kept current. I would encourage you to become actively involved again.

2. Once the IETF adopted X9.42, I worked diligently with X9F1 to ensure that none of the aspects of X9.42 that were adopted by the IETF were changed. We made a final comparison of the X9.42 draft and RFC 2631 just prior to publication of the RFC. I have a commitment that the parts of X9.42 that are included in RFC 2631 will not be changed unless a security problem is discovered. If a security problem is discovered, then the IETF will want to update RFC 2631 anyway, so this is not a concern.

3. Agree.

Russ