Last Call Review of draft-housley-suite-b-to-historic-04
review-housley-suite-b-to-historic-04-secdir-lc-yu-2018-04-23-00

Request Review of draft-housley-suite-b-to-historic
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-03-16
Requested 2018-02-16
Draft last updated 2018-04-23
Completed reviews Opsdir Last Call review of -04 by Susan Hares (diff)
Secdir Last Call review of -04 by Taylor Yu (diff)
Genart Last Call review of -04 by Francis Dupont (diff)
Assignment Reviewer Taylor Yu
State Completed
Review review-housley-suite-b-to-historic-04-secdir-lc-yu-2018-04-23
Reviewed rev. 04 (document currently at 05)
Review result Has Nits
Review completed: 2018-04-23

Review
review-housley-suite-b-to-historic-04-secdir-lc-yu-2018-04-23

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with Nits.

It's not clear to me whether there are any replacement specs for the
crypto suites being declared Historic.  Are the remaining crypto suites
for these protocols of comparable strength and security properties?

More concretely, Section 5 says:

"5.  Impact of Reclassifying the Suite-B-related RFCs to Historic

   No interoperability or security concerns are raised by reclassifing
   the Suite-B-related RFCs to Historic Status."

It would be helpful to have some explanation.  For example, is it true
that none of the RFCs being moved to Historic Status is the sole
specification of an algorithm or an identifier for an algorithm that we
expect people to continue using?

Also there's a typo: "reclassifing" should be "reclassifying".

Similarly, in Section 7:

"7.  Security Considerations

   The CNSA Suite includes algorithms using the larger key sizes that
   are included in Suite B.  There are no interoperability or security
   concerns raised by reclassifying the Suite-B-related RFCs to Historic
   Status."

Will there be forthcoming specs for using CNSA Suite algorithms with
these protocols?

Best regards,
-Taylor