Hello Russ,
thank you for the review. Comments:
> I think that a better title for this document would be:
> Use of RSA Keys with SHA-256 and SHA-512 in Secure Shell (SSH)
I can make this change, but I should note this is not universally agreed on. In a previous specification, which became RFC 6668:
... the original draft called for e.g. "hmac-sha256", but there were immediate concerns about ambiguity which led to "hmac-sha2-256" and "hmac-sha2-512" being specified.
> The current wording seems to include SHA-224 and SHA-384,
> and that is not the intent of the author.
True, but in this case as well, I point out RFC 6668, where we have the title:
"SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol"
... even though the document only specifies "hmac-sha2-256" and "hmac-sha2-512".
It appears to me that it may not be necessary for a document to specify use of all versions of SHA-2, in order to be accurately described as specifying the use of SHA-2 in a context.
> I did not propose changing the strings in case people have
> already implemented against this specification. If no one
> has implemented yet, then I would change those too.
This intuition is correct. It has been widely implemented and is deployed on, very possibly, millions of systems. One can launch an off-the-shelf Amazon instance that has a long-term-support edition of Ubuntu with a version of OpenSSH that implements this.
> Section 5.1 should be expanded to say that following the NIST
> advice on key sizes and SHA-1 outside the US Government is
> prudent.
I can do this.
As instructed, I await instructions from the document shepherd.
denis
On Fri, Sep 1, 2017 at 8:55 AM, Russ Housley <housley@xxxxxxxxxxxx> wrote:
Reviewer: Russ Housley
Review result: Almost Ready
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.
For more information, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
Document: draft-ietf-curdle-rsa-sha2-10
Reviewer: Russ Housley
Review Date: 2017-09-01
IETF LC End Date: 2017-09-11
IESG Telechat date: unknown
Summary: Almost Ready
Major Concerns: None
Minor Concerns:
I think that a better title for this document would be:
Use of RSA Keys with SHA-256 and SHA-512 in Secure Shell (SSH)
These are two of the hash functions in the SHA2 family, and there is no
ambiguity about them being part of the SHA3 family. Similarly, I think
that the Abstract and Section 1 should explicitly name these two hash
functions. The current wording seems to include SHA-224 and SHA-384,
and that is not the intent of the author.
In Section 3, I suggest:
s/using SHA-2 [SHS] as hash./using SHA-256 or SHA-512 [SHS] as hash./
s/the hash used is SHA-2 256./the hash used is SHA-256./
s/the hash used is SHA-2 512./the hash used is SHA-512./
Note: I did not propose changing the strings in case people have already
implemented against this specification. If no one has implemented yet,
then I would change those too.
Section 5.1 should be expanded to say that following the NIST advice on
key sizes and SHA-1 outside the US Government is prudent.
Nits: None