Last Call Review of draft-ietf-jose-cfrg-curves-03
review-ietf-jose-cfrg-curves-03-secdir-lc-shore-2016-08-19-00

Request Review of draft-ietf-jose-cfrg-curves
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-08-12
Requested 2016-08-04
Draft last updated 2016-08-19
Completed reviews Genart Last Call review of -05 by Roni Even (diff)
Genart Last Call review of -03 by Roni Even (diff)
Secdir Last Call review of -03 by Melinda Shore (diff)
Opsdir Last Call review of -03 by Sarah Banks (diff)
Assignment Reviewer Melinda Shore
State Completed
Review review-ietf-jose-cfrg-curves-03-secdir-lc-shore-2016-08-19
Reviewed rev. 03 (document currently at 06)
Review result Has Nits
Review completed: 2016-08-19

Review
review-ietf-jose-cfrg-curves-03-secdir-lc-shore-2016-08-19

[Note:  I was assigned draft-ietf-jose-cfrg-curves-03 but have
reviewed the most recent revision]

This document defines how to use the Diffie-Hellman algorithms
"X25519" and "X448" as well as the signature algorithms "Ed25519" and
"Ed448" from the IRTF CFRG elliptic curves work in JOSE, and in doing
so introduces new a key type and subtypes, and specifies registry
additions.  Section 3 specifies the application of the algorithms
within the JOSE framework.

Summary: ready, with very minor nits on formal publication
requirements

I do not have the cryptographic chops to perform a cryptographic
review of this draft.  The algorithms being added to JOSE in this
document are specified in a CFRG deliverable
(

https://datatracker.ietf.org/doc/draft-irtf-cfrg-eddsa/

), which is
currently under development (that is to say, mature but not
completed).  I am satisfied that this document pays heed to the
security considerations in the CFRG document.

The document appears complete and ready with respect to the needs
of someone implementing this specification.

Nits:

normative reference to an informational RFC (7748)
normative reference to an informational draft (draft-irtf-cfrg-eddsa)
later version of draft-irtf-cfrg-eddsa has been published
missing reference: "RFC-THIS" in IANA Considerations section

Melinda



Attachment:


signature.asc




Description:

 OpenPGP digital signature