Last Call Review of draft-ietf-ltans-dssc-
review-ietf-ltans-dssc-secdir-lc-turner-2009-06-16-00

Request Review of draft-ietf-ltans-dssc
Requested rev. no specific revision (document currently at 12)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-06-16
Requested 2009-06-05
Draft last updated 2009-06-16
Completed reviews Secdir Last Call review of -?? by Sean Turner
Assignment Reviewer Sean Turner
State Completed
Review review-ietf-ltans-dssc-secdir-lc-turner-2009-06-16
Review completed: 2009-06-16

Review
review-ietf-ltans-dssc-secdir-lc-turner-2009-06-16

I have reviewed this document as part of the Security Directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
Security Area directors. Document editors and WG chairs should
treat these comments just like any other last call comments.

Doc: Data Structure for the Security Suitability of Cryptographic Algorithms (DSSC) <draft-ietf-ltans-dssc-08.txt>

Track: Proposed Standard

Summary: Ready except for some nits.

The first paragraph in Section 4 refers to RFC 3447 and FIPS 186-1 for RSA and DSA and further it goes on to say these algorithms can be combined with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 and RIPEMD-160. I believe these are the wrong references for DSA (and the link doesn't work) and one of the RSA-SHA combos. FIPS 186-1 only specifies SHA-1 for use with DSA and only for certain key sizes. I think this is more correct:

For 512-bit DSA with SHA-1 see [FIPS186-2] without Change Notice 1, for 1024-bit DSA with SHA-1 see [FIPS186-2] with Change Notice 1, for 1024-bit and above DSA with SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 see [FIPS186-3].

I don't believe 512-bit DSA with SHA-224, SHA-256, SHA-384, and SHA-512 are defined. FIPS 186-2 with Change Notice 1 required key sizes be 1024-bit and FIPS 186-3 allowed key sizes from 1024-3072.

Where is DSA or RSA with RIPEMD-160 defined?

RFC 3447 doesn't specify RSA with SHA-224. Maybe pointing to RFC 4055 would be better?


spt