GOST 28147-89: Encryption, Decryption, and Message Authentication Code (MAC) Algorithms
draft-dolmatov-cryptocom-gost2814789-08

State Change Notice email list have been change to igus@cryptocom.ru, dol@cryptocom.ru, kdb@cryptocom.ru, irene@cryptocom.ru, draft-dolmatov-cryptocom-gost2814789@tools.ietf.org, rfc-ise@rfc-editor.org from igus@cryptocom.ru, dol@cryptocom.ru, kdb@cryptocom.ru, irene@cryptocom.ru, draft-dolmatov-cryptocom-gost2814789@tools.ietf.org, rfc-editor@rfc-editor.org

[Ballot discuss]
First, let me state that I strongly support publication of this document.  However...

One of my colleagues, a Russian mathematician, reviewed the original Russian-language
specifications and the Internet drafts side-by-side.  His summary is that the textual translations
were very well done, and quite accurate, but that the translation of the mathematical expressions
from a format that supported subscripts, etc. into the IETF's ascii-format had introduced a
number of ambiguities.  As a result, I do not think the document is sufficient to produce
interoperable implementations.

[Ballot comment]
This may need editorial clarification:

4.7. The keys defining fillings of KDS and the substitution
    box K tables are secret elements and are provided in accordance
    with the established procedure.

    The filling of the substitution box K is described in GOST 28147-89
    as a long-term key element common for a whole computer network.
    Usually K is used as a parameter of algorithm, some possible sets
    of K are described in [RFC4357].

Here KDS is clear -- its the key. But what about K, the substitution
box? Is it a missing part of this standard, a negotiated value between
two peers, or a part of a standard for some context (e.g., when using
this algorithm in S/MIME K = something specific)?

Which established procedure are you referring to? Regular key management
procedures? Some other procedures to obtain secretly defined additional
standards for K?

Perhaps this is just ambiguous words in the document. If so, it would
be great to see the text be clearer about how it expects K to be
defined.

[Ballot discuss]
I'm glad to see these specifications as RFC. My main reason for reviewing
these specifications was to ensure that the specifications are complete,
i.e., that interoperable implementations can be done based on the RFCs
alone. I don't think we should publish RFCs on any track if they
do not provide complete information. However, I have now became uncertain
if this particular draft has all the necessary pieces. The draft says:

4.7. The keys defining fillings of KDS and the substitution
    box K tables are secret elements and are provided in accordance
    with the established procedure.

    The filling of the substitution box K is described in GOST 28147-89
    as a long-term key element common for a whole computer network.
    Usually K is used as a parameter of algorithm, some possible sets
    of K are described in [RFC4357].

Here KDS is clear -- its the key. But what about K, the substitution
box? Is it a missing part of this standard, a negotiated value between
two peers, or a part of a standard for some context (e.g., when using
this algorithm in S/MIME K = something specific)?

Which established procedure are you referring to? Regular key management
procedures? Some other procedures to obtain secretly defined additional
standards for K?

Perhaps this is just ambiguous words in the document. If so, it would
be great to see the text be clearer about how it expects K to be
defined.

I would like to discuss this issue on the IESG telechat before
recommending the approval of these RFCs.

These documents were submitted to the RFC Editor to be published as
Informational Independent Submissions:

draft-dolmatov-cryptocom-gost34102001-07.txt
draft-dolmatov-cryptocom-gost341194-06.txt
draft-dolmatov-cryptocom-gost2814789-06.txt

Please let us know if these documents conflict with the IETF standards
process or other work being done in the IETF community.

Five week timeout expires on 12 January 2010.
(Note that we included an additional week for review because of the
upcoming holidays.)

I-D: draft-dolmatov-cryptocom-gost2814789-06
Title: GOST 28147-89 encryption, decryption and MAC algorithms
Abstrac:
This document is intended to be a source of information about the
Russian Federal standard for electronic encryption, decryption,
and MAC algorithms (GOST 28147-89) [GOST28147], which is one of the
official standards in the cryptography used in Russian algorithms
(GOST algorithms). Recently, Russian cryptography started to be
used in applications intended to work with the OpenSSL
cryptographic library. Therefore, this document has been created as
information for users of Russian cryptography.