Last Call Review of draft-ietf-ltans-dssc-
I have reviewed this document as part of the Security Directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
Security Area directors. Document editors and WG chairs should
treat these comments just like any other last call comments.
Doc: Data Structure for the Security Suitability of Cryptographic
Algorithms (DSSC) <draft-ietf-ltans-dssc-08.txt>
Track: Proposed Standard
Summary: Ready except for some nits.
The first paragraph in Section 4 refers to RFC 3447 and FIPS 186-1 for
RSA and DSA and further it goes on to say these algorithms can be
combined with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 and RIPEMD-160.
I believe these are the wrong references for DSA (and the link doesn't
work) and one of the RSA-SHA combos. FIPS 186-1 only specifies SHA-1
for use with DSA and only for certain key sizes. I think this is more
For 512-bit DSA with SHA-1 see [FIPS186-2] without Change Notice 1, for
1024-bit DSA with SHA-1 see [FIPS186-2] with Change Notice 1, for
1024-bit and above DSA with SHA-1, SHA-224, SHA-256, SHA-384, and
SHA-512 see [FIPS186-3].
I don't believe 512-bit DSA with SHA-224, SHA-256, SHA-384, and SHA-512
are defined. FIPS 186-2 with Change Notice 1 required key sizes be
1024-bit and FIPS 186-3 allowed key sizes from 1024-3072.
Where is DSA or RSA with RIPEMD-160 defined?
RFC 3447 doesn't specify RSA with SHA-224. Maybe pointing to RFC 4055
would be better?