1. This is an informational RFC, as indicated in the page header. It is documenting an algorithm in common use; having it as an informational RFC removes a barrier to more widespread IETF adoption.
2a. Technical Summary: This document specifies the password-based key derivation function scrypt. The function derives one or more secret keys from a secret string. It is based on memory-hard functions which offer added protection against attacks using custom hardware.
2b. Working Group Summary: This was an individual effort to document an external algorithm. It was presented at the CFRG in IETF-92; there is no controversy.
2c. Document Quality: It is a good, well-written document; it includes test vectors. An interoperable implementation was written for OpenSSL based on this document.
2d. Personnel: Stephen Farrell is AD; Rich Salz is the shepherd.
3. I did a careful reading of the document. I examined and ran the OpenSSL code. I did not verify all the test vectors for all the crypto suites.
4. I strongly believe this document is ready to be published and doing so will be of benefit to the IETF community.
5. The algorithm is fairly well known, and no other review is needed. The primary concern is if the document is sufficient to write an implementation, and we have proof of that.
6. I am not aware of any concerns.
7. There are no outstanding IPR issues.
8. There are no IPR disclosures related to this document.
9. Those who have an opinion are in favor; no objections have been brought forth.
10. I am not aware of any discontent.
11. idnits flagged the use of some RFC 2119 keywords, but that is mistaken since they are part of the ASN.1. There are no other errors.
12. There are no formal review criteria that need to be met.
13. All references are properly identified as normative or informative.
14. Of the normative references, two are RFCs, and two are PDFs of crypto papers, with links. At some point, a diligent author may want to perform a similar activity to "RFC'ize the algorithm" of those papers, but this is not required.
15. There are no downward normative references.
16. No existing RFC is impacted by the publication of this document.
17. The "IANA Considerations" says "None".
18. There are no new registries.
19. The only potential machine-readable part of the document is the ASN.1, which was carefully reviewed by hand. I would object to the inconsistent placement of the curly braces, but that is all. :)