Skip to main content

Shepherd writeup

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

The intended status is Standard track. This is the appropriated type
as the document defines conventions for using Edwards-curve Digital
 Signature Algorithm (EdDSA) for Curve25519 and Curve448 in the
Cryptographic Message Syntax (CMS).

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  Relevant content can frequently be found in the abstract
  and/or introduction of the document. If not, this may be
  an indication that there are deficiencies in the abstract
  or introduction.

   This document specifies the conventions for using Edwards-curve
   Digital Signature Algorithm (EdDSA) for Curve25519 and Curve448 in
   the Cryptographic Message Syntax (CMS).  For each curve, EdDSA
   defines the PureEdDSA and HashEdDSA modes.  However, the HashEdDSA
   mode is not used with the CMS.  In addition, no context string is
   used with the CMS.

Working Group Summary

  Was there anything in WG process that is worth noting? For
  example, was there controversy about particular points or
  were there decisions where the consensus was particularly

The document has been reviewed and discussed on the mailing list.
The main scope of the discussion was the consideration for the pre-hash
version of EdDSA the consensus was that only the non pure EdDSA
variant will be considered.

Document Quality

  Are there existing implementations of the protocol? Have a
  significant number of vendors indicated their plan to
  implement the specification? Are there any reviewers that
  merit special mention as having done a thorough review,
  e.g., one that resulted in important changes or a
  conclusion that the document had no substantive issues? If
  there was a MIB Doctor, Media Type or other expert review,
  what was its course (briefly)? In the case of a Media Type
  review, on what date was the request posted?


  Who is the Document Shepherd? Who is the Responsible Area

Daniel Migault is the document shepherd. Eric Rescola is the Security Area

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

The document shepherd reviewed the draft and provided comments.
Jim Schaad reviewed the different versions of the draft as well which
makes the WG confident the draft is ready for publication.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

The discussions on the mailing list were:
* defining and assigning OIDs for hash SHAKE256/512.
* text clarification
* use of the prehash variant. This latest discussion was raised also in the
pkix draft and reached a WG consensus on the mailing list as well as during the
face to face meeting in Chicago.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

The author has confirmed he is not aware of any IPR.

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR


(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it?

There were no controversy on the goal to achieved nor how to achieve it.
None object, and the draft has been carefully reviewed.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)


(11) Identify any ID nits the Document Shepherd has found in this
document. (See and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be

 Checking references for intended status: Proposed Standard

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC5652' is mentioned on line 205, but not defined

  == Outdated reference: A later version (-04) exists of

  -- Possible downref: Normative reference to a draft: ref. 'CURDLE-PKIX'

  ** Downref: Normative reference to an Informational RFC: RFC 8032 (ref.

  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS180'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS202'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'X680'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'X690'

 RFC5652 is referenced in the text as well as in the reference under the
 reference [CMS]. Maybe the editor should fix that reference appears in teh
 same way in the text as well as the references.

draft-ietf-curdle-pkix-02 is outdated, but should be replaced by the rfc editor
its RFC value once published.

RFC8032 describes the elliptic curve signature scheme
Edwards-curve Digital Signature Algorithm (EdDSA).  The algorithm is
instantiated with recommended parameters for the edwards25519 and edwards448
curves. RFC 7748 specifies two elliptic curves over prime fields that offer a
high level of practical security in cryptographic applications: Curve25519 and

RFC 8032 is from the IRTF which does not define standards. The current document
describes the use of this algorithm.  The draft is in the RFC Editor Queue and
has been approved by the IESG.

The Downref is justified by RFC3967 as it falls into the following case:
   o  A standards track document may need to refer to a protocol or
      algorithm developed by an external body but modified, adapted, or
      profiled by an IETF informational RFC.

FIPS180, FIPS202, X680 and X690 are non IETF standard.

The Downref is justified by RFC3967 as it falls into the following case:
   o  A standards track document may need to refer to a protocol or
      algorithm developed by an external body but modified, adapted, or
      profiled by an IETF informational RFC.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

The document has ASN1 description. This has been reviewed by Jim Schaad.

(13) Have all references within this document been identified as
either normative or informative?


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

CURDLE-PKIX or draft-ietf-curdle-pkix : Josefsson, S., and J. Schaad,
"Algorithm Identifiers for Ed25519, Ed25519ph, Ed448, Ed448ph, X25519 and X448
for use in the Internet X.509 Public Key Infrastructure", Work-in-progress. is
normative, but will be submitted in parallel, and could be replaced with the
RFC assigned number by the RFC editor.

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

See question 11.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

There is no IANA registries.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

see question 17

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.