Re: [Last-Call] Secdir telechat review of draft-ietf-drip-arch-24

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Shuai,

 

this addition resolves my concern. Thank you!

 

Regards,

Valery.

 

From: last-call [mailto:last-call-bounces@xxxxxxxx] On Behalf Of shuai zhao
Sent: Tuesday, June 21, 2022 2:11 AM
To: Valery Smyslov; secdir@xxxxxxxx
Cc: draft-ietf-drip-arch.all@xxxxxxxx; last-call@xxxxxxxx; tm-rid@xxxxxxxx
Subject: Re: [Last-Call] Secdir telechat review of draft-ietf-drip-arch-24

 

Hi Valery,

 

After discussion with Bob, we would like to add the green-marked text into Section 8 to address your concerns… Hopefully this is agreeable,..

 

 

8.  Security Considerations

 

   The size of the public key hash in the HHIT is vulnerable to a

   second-image attack, especially as the size of the public key hash in the HHIT
is short (e.g. 64-bits)……

 

 

Best

Shuai

 

From: Valery Smyslov via Datatracker <noreply@xxxxxxxx>
Date: Monday, June 20, 2022 at 7:47 AM
To: secdir@xxxxxxxx <secdir@xxxxxxxx>
Cc: draft-ietf-drip-arch.all@xxxxxxxx <draft-ietf-drip-arch.all@xxxxxxxx>, last-call@xxxxxxxx <last-call@xxxxxxxx>, tm-rid@xxxxxxxx <tm-rid@xxxxxxxx>
Subject: Secdir telechat review of draft-ietf-drip-arch-24

Reviewer: Valery Smyslov
Review result: Has Nits

I reviewed earlier the -22 version of the draft. The current -24 version
addresses most of my concerns. However, one piece of text that I thought we
have agreed upon with the authors (based on mail exchange
https://mailarchive.ietf.org/arch/msg/secdir/BMK4BuVWfECtHu34qikE9XmKTK0/) is
still missing in this version.

More specific: assertion that "It is well within current server array
technology to compute another key pair that hashes to the same HHIT." is only
true if the size of the the public key hash is small. I understand that this is
probably the case for the DRIP architecture, but the assertion in the draft is
generic with no mention of the actual hash size. I asked the authors to prepend
the sentence with the text like "If the size of the public key hash in the HHIT
is not large enough,", but for some reason this text didn't get into the -24
version.

I don't think this is a serious issue, but I would prefer the assertions in the
draft to be accurate.

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux