Discussion:
Review of draft-ietf-curdle-dnskey-eddsa-02 (Als was: Secdir review of draft-ietf-curdle-dnskey-eddsa-02)
Ondřej Surý
2016-12-12 09:38:35 UTC
Magnus and Dan,

thanks for the review.

Magnus, you are right, I have removed the first full paragraph
about "security properties" from Security Considerations
from my git version as the security properties of EdDSA
are better described in Normative references anyway.

https://gitlab.labs.nic.cz/labs/ietf/commit/7b52c8e2bbe44042a279a81b960270fdd103d9a2

Dan,

good catches, I fixed the nits in the git:

https://gitlab.labs.nic.cz/labs/ietf/commit/bbfc7ce43fb1f46c91fb7f5de564d907d035aadf

I would be happy to upload next revision after Last Call
is finished or just let the RFC editors fix it.

Cheers,
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:***@nic.cz https://nic.cz/
--------------------------------------------

----- Original Message -----
Sent: Monday, 12 December, 2016 02:44:18
Subject: Secdir review of draft-ietf-curdle-dnskey-eddsa-02
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
This document describes how to use two specific Edwards Curves
(Elliptic Curves) in conjunction with DNSSEC, namely ed25519 and
ed448.
The only comment I have on this document is that the Security
"Ed25519 and Ed448 offers improved security properties and
implementation characteristics compared to RSA and ECDSA algorithms"
I suggest either adding references to proofs of these statements or
alternatively just remove the sentence (since it doesn't really add
anything to the memo); the remaining paragraphs in the Security
Considerations section are what really cover what someone implementing
the memo should know or be aware of.
-- Magnus
~~~~

----- Original Message -----
Sent: Sunday, 11 December, 2016 12:21:25
Subject: Review of draft-ietf-curdle-dnskey-eddsa-02
Reviewer: Dan Romascanu
Review result: Ready with Nits
Summary: Ready, with nits
I am not an expert in this field, but the document seems to meet its
goals, it's clear and precise
1. Section 4: s/Section5.1.7/Sections 5.1.7/
2. Section 8: 'The following entry has been added to
the registry' - I may be wrong, but the section seems to define two
new entries in the registry rather than one
Stephen Farrell
2016-12-12 11:24:18 UTC
Hi Ondřej,
Post by Ondřej Surý
I would be happy to upload next revision after Last Call
is finished or just let the RFC editors fix it.
Please do upload a new version at the end of last call
with these and any other non-controversial changes.

Thanks,
S.
Dan Romascanu
2016-12-12 11:34:34 UTC
Hi Ondrej,

Thanks for addressing my comments. The nits can be fixed at any time you
find more convenient before publication.

Regards,

Dan
Ondřej Surý
2016-12-17 07:01:47 UTC
Hi all,

the IETF review has ended, so I have uploaded -03 version.

Magnus, Dan,

the -03 version addresses all your comments.

Tim,

I left the irtf documents in Normative as per Stephan's comments.

I believe that Section 8 correctly references IANA registry:
http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
by its name.

The paragraph with nit has been removed altogether per Magnus's request.

Thank you all very much for the reviews.

Cheers,
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:***@nic.cz https://nic.cz/
--------------------------------------------

Dan Romascanu
2016-12-17 07:11:03 UTC
Thank you for addressing my comments.

Regards,

Dan
Magnus Nyström
2016-12-17 17:13:52 UTC
Same here. Thank you!
/M
--
-- Magnus