[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ipsec] Last call comments about draft-ietf-ipsec-ike-ecc-groups-10

To: <iesg@xxxxxxxx>, <ipsec@xxxxxxxx>, <dbrown@xxxxxxxxxxxx>
Subject: [Ipsec] Last call comments about draft-ietf-ipsec-ike-ecc-groups-10
From: <Pasi.Eronen@xxxxxxxxx>
Date: Mon, 6 Nov 2006 20:09:38 +0200
Cc:
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: IP Security <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
Sender: owner-ietf-ipsec@xxxxxxxxxxxxx
Thread-index: AccBzrk1b8CijvrZSHih3OiH4viOeg==
Thread-topic: Last call comments about draft-ietf-ipsec-ike-ecc-groups-10

Summary: This document is on the right track but has open issues,
described below. Given the complexity of the issues (and the track 
record of getting things wrong with draft-ietf-ipsec-ike-ecp-groups...),

I'd strongly suggest making a new I-D version before proceeding
to IESG evaluation.

1) This document re-defines three groups (and their numbers)
that are defined in draft-ietf-ipsec-ike-ecp-groups-03 (which is
currently in RFC editor queue). Unless the intent is to obsolete
draft-ietf-ipsec-ike-ecp-groups, these three groups should be
removed from this document.

2) This draft uses a different method for point-to-octet string
conversion (in KEi/KEr payload) than draft-ietf-ipsec-ike-ecp-groups
(and thus reusing same numbers for some groups is especially bad idea,
since they won't be compatible). The conversion method is also
different from the one used in RFC2409 for Oakley groups 3 and 4.

I'd suggest either adopting the same method as in ecp-groups, or
explicitly noting this difference. In any case, a very specific
reference to the method is needed (e.g. "the data in the KE payload is
the point on the curve converted to octet string using the EC2OSP
primitive defined in [IEEE-1363] Section E.2.3.2.")

3) The IANA considerations section is very confusing (and does not
match the current state of the registries). I'd suggest rephrasing
along these lines:

   This document defines twelve new Diffie-Hellman groups, as
   described in Table 2. IANA is requested to update the definitions
   of groups 6..13 and add definitions of groups 22..26 in the "Group
   Description" registry defined in [RFC2409]. IANA is requested to
   add definitions of groups 6..13 and 22..26 in the "IKEv2
   Diffie-Hellman Transform IDs" registry defined in [RFC4306].

4) References are not split to informative and normative.

5) "RFC2409 [IKE] defines five standard Oakley Groups - three modular
exponentiation groups and two elliptic curve groups over GF[2^N]."
RFC2409 defines _four_ standard Oakley groups.

6) The document uses RFC 2119 keywords, but does not include
RFC 2119 as a reference.

7) Typos: s/RFC 3406/RFC 4306/, s/previousley/previously/,
s/ellipitc/elliptic/, s/classe/class/, s/generaotr/generator/.


Best regards,
Pasi

_______________________________________________
Ipsec mailing list
Ipsec@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ipsec

Prev by Date: meaning road Florida.
Next by Date: Be leaner and slimmer by next week
Previous by thread: meaning road Florida.
Next by thread: 0ver 3OO $tyles of Replica Watches!
Index(es):
- Date
- Thread