Re: Last Call: <draft-housley-suite-b-to-historic-03.txt> (Reclassification of Suite B Documents to Historic Status) to Informational RFC

On Wed, 21 Feb 2018, Russ Housley wrote:

I just posted draft-housley-suite-b-to-historic-04, which adds two sentences to state that the standards-track status of RFC 6605 and RFC 8253 are unchanged.

I'm fine with the document, although it is a little confusing to have
something as Historic, while the technology described in it is not
historic in the sense of:

https://www.ietf.org/iesg/statement/designating-rfcs-as-historic.html


	A document is labelled Historic when what it describes is no longer
	considered current: no longer recommended for use.

Since suite B is AES_GCM and AES_GMAC they are both current and still
recommended for use. I wonder if that could be more clearly indicated.
Something along the lines of "While some algorithms in Suite B are still
recommended for use within the IETF and its related industries, the term
"Suite B" for a collection of these has been obsoleted"

I guess "Suites" or "profiles" from certain governments or organisations
really do not belong in an IETF RFC. For that reason, I wonder if the
following paragraph should be cut:

   In July 2015, NSA published the Committee for National Security
   Systems Advisory Memorandum 02-15 as the first step in replacing
   Suite B with NSA's Commercial National Security Algorithm (CNSA)
   Suite.  Information about the CNSA Suite can be found in [CNSA].

While I agree it is helpful to point them to the successor of Suite B,
it sets up the scenario for a new RFC with the finalised successor of
Suite B. I'd rather leave that to the publications of governments and
other industries.

Now some nits unrelated to this document but triggered by it:

Another example of our bug in the tools site missing updating links:

https://tools.ietf.org/html/draft-housley-suite-b-to-historic-03

This does not show there is a version -04, even though there is. I
really hope our tools team can find the time to work on this
repeatedly occurring bug, and go through the existing site to find
them all and fix their references. It's not just a brief time period
from publishing either, as the 01 version doesn't indicate that there
is -02 -03 or -04 now and -01 was published 20 days ago.

And amusingly, I cannot visit:

https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

without an error:

	www.iad.gov uses an invalid security certificate. The certificate is not
	trusted because the issuer certificate is unknown.

It seems my browsers do not trust "DOD ID SW CA-37" (neither firefox
with the system CA store, nor google-chrome with its builtin CA store).

Paul



