Modes of Operation for Camellia for Use with IPsec
draft-kato-ipsec-camellia-modes-10

[Ballot discuss]
At a minimum, I'd like to see text in the document (or an IESG note)
pointing to the mandatory-to-implement cipher suites for IPsec (and
their successors), and pointing out they're necessary for interoperability
with other standards compliant IPsec software.

[Ballot comment]
Every time we add yet-another symmetric cipher on the standards track,
we create another code-path that could contain security bugs in deployed
software and we create new opportunities for interoperability failures.
While we should register code points for the various national algorithms
that are functionally equivalent to the the IETF mandatory-to-implement
algorithm, I'd prefer these not be on the standards track to make it
clear what's recommended for interoperability.

I observe RFC 4308 was necessary to address the IPsec security
algorithm smorgasbord problem and documents an IPsec WG consensus
to minimize the number of named suites.  I question if there is a
real IETF consensus to make Camellia one of the fully standardized
ciphers the IETF promotes.

[Ballot discuss]
Every time we add yet-another symmetric cipher on the standards track,
we create another code-path that could contain security bugs in deployed
software and we create new opportunities for interoperability failures.
While I do not object to registration of code points for what I consider
to be vanity ciphers (anything other than IETF mandatory to implement or
very widely deployed symmetric ciphers), the IANA registry for this is
expert review and does not require a standards track document.

I observe RFC 4308 was necessary to address the IPsec security
algorithm smorgasbord problem and documents an IPsec WG consensus
to minimize the number of named suites.  I question if there is a
real IETF consensus to make Camellia one of the fully standardized
ciphers the IETF promotes.

See also my discuss on draft-kato-camellia-ctrccm about cautionary
text.

[Ballot comment]
Idnits complains about unused references: [7], [8], [18], and [19]
are not cited anywhere in the text (and the first two are listed
as normative references!).

Section 3, the sentence "NIST has defined seven modes of operation...";
the number "seven" is already out of date, and will probably be
soon after this is published.

[Ballot discuss]
This document copies most of its text (over ten pages) verbatim from
RFC 4309 and 3686 -- and doesn't even acknowledge the source.
I'd *strongly* suggest not copying it, and instead using a reference
(basically compressing the ten pages to one paragraph, saying that Camellia in CTR and CCM modes is used in IPsec exactly the same way
as AES in RFCs 4309 and 3686).

The document also needs to clearly define its relationship to RFC
4312 (which already defines how to use Camellia with IPsec/ESP, and
how to negotiate it with IKEv1); it seems for CBC mode, the only
thing needed is the IANA assignment in the IKEv2 registry (IKEv1
registry already has it).

Process note: The document has a normative downref that wasn't called
out during the IETF Last Call, and isn't listed in the DownRef
registry. It was a normative reference in RFC 4312 and 4132, too,
so probably just updating the DownRef registry would be enough.

IANA Last Call comments:

Upon approval of this document, IANA understands that it must
complete a single action.

IANA will add five new values to the IKEv2 Parameters registry
located at:

http://www.iana.org/assignments/ikev2-parameters

In the registry named: "IKEv2 Transform Attribute Types" For
Transform Type 1 (Encryption Algorithm), the following five new
values will be added to the registry:

Number Name
------ ---------------------------------
tbd ENCR_CAMELLIA_CBC
tbd ENCR_CAMELLIA_CTR
tbd ENCR_CAMELLIA_CCM with an 8-octet ICV
tbd ENCR_CAMELLIA_CCM with a 12-octet ICV
tbd ENCR_CAMELLIA_CCM with a 16-octet ICV


IANA understands that the addition of these five values are the
complete set of IANA Actions for this document.

Proto writeup:

For draft-kato-ipsec-camellia-modes
--------------

(1.a)  Who is the Document Shepherd for this document?  Has the
      Document Shepherd personally reviewed this version of the
      document and, in particular, does he or she believe this
      version is ready for forwarding to the IESG for publication?

KATO Akihiro. Yes.

(1.b)  Has the document had adequate review both from key WG members
      and from key non-WG members?

The document was submitted IPsec ML. Tero Kivinen review and
commented our draft, other members did not have strong objection.

      Does the Document Shepherd have
      any concerns about the depth or breadth of the reviews that
      have been performed?

No concerns.

(1.c)  Does the Document Shepherd have concerns that the document
      needs more review from a particular or broader perspective,
      e.g., security, operational complexity, someone familiar with
      AAA, internationalization, or XML?

This document already had security experts review.  No
concerns for other area.

(1.d)  Does the Document Shepherd have any specific concerns or
      issues with this document that the Responsible Area Director
      and/or the IESG should be aware of?  For example, perhaps he
      or she is uncomfortable with certain parts of the document, or
      has concerns whether there really is a need for it.  In any
      event, if the WG has discussed those issues and has indicated
      that it still wishes to advance the document, detail those
      concerns here.

No concerns.

      Has an IPR disclosure related to this document been filed?
      If so, please include a reference to the disclosure and
      summarize the WG discussion and conclusion on this issue.

Yes.
http://www.ietf.org/ietf/IPR/mitsubishi-ntt-joint-ipr-disclosure.pdf
covers this draft. This ipr was not issued former IPsec WG.

(1.e)  How solid is the WG consensus behind this document?  Does it
      represent the strong concurrence of a few individuals, with
      others being silent, or does the WG as a whole understand and
      agree with it?

This is individual submition.

(1.f)  Has anyone threatened an appeal or otherwise indicated extreme
      discontent?  If so, please summarize the areas of conflict in
      separate email messages to the Responsible Area Director.  (It
      should be in a separate email because this questionnaire is
      entered into the ID Tracker.)

Nobody has threatened an appeal or otherwise indicated extreme
discontent.

(1.g)  Has the Document Shepherd personally verified that the
      document satisfies all ID nits?  (See
      http://www.ietf.org/ID-Checklist.html and
      http://tools.ietf.org/tools/idnits/.)  Boilerplate checks are
      not enough; this check needs to be thorough.

Yes, I have personally verified both the checklist and the idnits
tool output.

      Has the document met all formal review criteria it needs to,
      such as the MIB Doctor, media type, and URI type reviews?

No concerns.

      If the document does not already indicate its intended status
      at the top of the first page, please indicate the intended
      status here.

The intended status, Proposed Standard, is stated on the first page.

(1.h)  Has the document split its references into normative and
      informative?  Are there normative references to documents that
      are not ready for advancement or are otherwise in an unclear
      state?  If such normative references exist, what is the
      strategy for their completion?  Are there normative references
      that are downward references, as described in [RFC3967]?  If
      so, list these downward references to support the Area
      Director in the Last Call procedure for them [RFC3967].

References are split into normative and informative. Normative  all
normative references look acceptable.

(1.i)  Has the Document Shepherd verified that the document's IANA
      Considerations section exists and is consistent with the body
      of the document?  If the document specifies protocol
      extensions, are reservations requested in appropriate IANA
      registries?  Are the IANA registries clearly identified?  If
      the document creates a new registry, does it define the
      proposed initial contents of the registry and an allocation
      procedure for future registrations?  Does it suggest a
      reasonable name for the new registry?  See [RFC2434].  If the
      document describes an Expert Review process, has the Document
      Shepherd conferred with the Responsible Area Director so that
      the IESG can appoint the needed Expert during IESG Evaluation?

Yes. Everything looks OK here.

(1.j)  Has the Document Shepherd verified that sections of the
      document that are written in a formal language, such as XML
      code, BNF rules, MIB definitions, etc., validate correctly in
      an automated checker?

No concerns.

(1.k)  The IESG approval announcement includes a Document
      Announcement Write-Up.  Please provide such a Document
      Announcement Write-Up.  Recent examples can be found in the
      "Action" announcements for approved documents.  The approval
      announcement contains the following sections:

Technical Summary

  This document describes the use of the Camellia block cipher
  algorithm in Cipher Block Chaining (CBC) mode, Counter (CTR) mode and
  Counter with CBC-MAC (CCM) mode, as an IPsec Encapsulating Security
  Payload (ESP) mechanism to provide confidentiality, data origin
  authentication, and connectionless integrity.


Working Group Summary

  This is individual submition.

Document Quality

  There are at least two independant implementation of this Internet-Draft for generating and proofing test vectors.

Personnel

  The Document Shepherd for this document is Akihiro KATO, and
  the Responsible Area Director is Tim Polk.