Gen-ART review of draft-seokung-msec-mikey-seed-03

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have been selected as the General Area Review Team (Gen-ART) reviewer for
this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please wait for direction from your document shepherd or AD before posting a
new version of the draft.

Document: draft-seokung-msec-mikey-seed-03
Reviewer: Spencer Dawkins
IETF LC End Date: 2009-08-07
Review Date: 2009-08-03
IESG Telechat date: (not known)

Summary: This document is almost ready for publication as an Informational RFC. I have some questions (marked as "Spencer (minor):") that would be nits if they weren't in the Security Considerations section.

    Addition of the new values to use the SEED Cipher Algorithm in the
                   Multimedia Internet KEYing (MIKEY)

Spencer (clarity): I would suggest a possible title change to something like "IANA Registry Update for SEED Cipher Algorithm Support in "Multimedia Internet KEYing (MIKEY)" - it wasn't clear that this was an IANA request until I was about halfway through the draft. Please check this with your document shepherd, before submitting an update with a new title!

Abstract

  This document proposes the addition of new values to use the SEED
  block cipher algorithm for the Secure Real-time Transport Protocol
  (SRTP) and the secure Real-time Transport Control Protocol (SRTCP) in
  Multimedia Internet KEYing (MIKEY).

Spencer (clarity): I would suggest something like s/This document proposes the addition of new values to use/This document updates IANA registries to support/, both here and in the Introduction (same paragraph, with references added, so same comment).

1. Introduction

  This document proposes the addition of new values to use the SEED
  [RFC4269] block cipher algorithm for the Secure Real-time Transport
  Protocol (SRTP) and the Secure Real-time Transport Control Protocol
  (SRTCP) [RFC3711] in Multimedia Internet KEYing (MIKEY) [RFC3830].

1.1. SEED

  SEED is a Korean National Industrial Association standard and is
  widely used in South Korea for electronic commerce and various
  security products such as firewall, VPN, and so on.

Spencer (clarity): I think the following paragraph should be the first paragraph in this section (the previous paragraph is fine, but the following paragraph is the most helpful to the reader).

  SEED is a 128-bit symmetric key block cipher that has been developed
  by KISA (Korea Information Security Agency) and a group of experts
  since 1998. The input/output block size of SEED is 128-bit and the
  key length is also 128-bit. SEED has a 16-round Feistel structure.


2.1. Modified Table 6.10.1.b from [RFC3830]

  For the Encryption algorithm, a one byte length is enough. The

Spencer (clarity): I'm not sure what you mean by "a one byte length is enough" - is this saying that space is available in the registry table? Or something else? I have the same comment about the same text in section 2.2.

  currently defined possible values are:

  SRTP encr alg | Value
--------------------- NULL | 0
  AES-CM        |     1
  AES-F8        |     2
  SEED-CTR      |     3 (NEW)
  SEED-CCM      |     4 (NEW)
  SEED-GCM      |     5 (NEW)

  Figure 1: Table 6.10.1.b from [RFC3830] (Revised)


2.2. Modified Table 6.10.1.d from [RFC3830]

  For the SRTP pseudo-random function, a one byte length is also
  enough. The currently defined possible values are:

  SRTP PRF      | Value
--------------------- AES-CM | 0
  SEED-CTR      |     1 (NEW)

  Figure 2: Table 6.10.1.d from [RFC3830] (Revised)

3. Security Considerations

  No security problem has been found on SEED. SEED is secure against
  all known attacks including Differential cryptanalysis, linear

Spencer (minor): I would suggest dropping the first sentence.

  cryptanalysis, and related key attacks. The best known attack is only

Spencer (minor): should this be "The only known attack is an exhaustive search for the key"?

  an exhaustive search for the key. For further security
considerations, the reader is encouraged to read [SEED-EVAL].
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]