Last Call Review of draft-burgin-ipsec-suiteb-profile-
review-burgin-ipsec-suiteb-profile-secdir-lc-lepinski-2011-08-01-00

I have reviewed this document as part of the security directorate's 


ongoing effort to review all IETF documents being processed by the


IESG.  These comments were written primarily for the benefit of the 


security area directors.  Document editors and WG chairs should treat



these comments just like any other last call comments.



This informational document defines a profile of behavior that IPsec 


implementations must adhere in order to be Suite B compliant. The 


authors claim that this profile does not introduce any new security 


concerns that are not already covered in existing RFCs on IPsec, IKE, 


and their use with ECDSA (i.e., RFCs 4303, 4754, 5759, 5996). After 


reviewing this document, I would agree with this assessment.




---------------------

The following are specific comments based on my review of the document:



In Section 3, there is a table that includes the heading "IANA assigned 


DH group #", which is a bit unclear. I would recommend inserting text 


below the table that indicates the specific IANA registry to which the 


table refers. In this case, it is the IANA registry of IKEv2 


Diffie-Hellman Group Transform IDs (Transform Type 4) ... see 


http://www.iana.org/assignments/ikev2-parameters








In the second paragraph of Section 5, in the context of implementations 


that are configured with a minimum level of security of 128 bits, the 


draft has the following text: "Suite-B-GCM-128 and Suite-B-GMAC-128, if 


offered, must appear in the IKEv2 and IPsec SA payloads before any 


offerings of Suite-B-GCM-256 and Suite-B-GMAC-256". This appears to be 


the only lower-case "must" in the document, and lower-case "must" in 


this type of specification can be confusing to implementers. There seems 


to be no security or interoperability reason why one would place the 128 


suites first. Indeed, the reason for this requirement seems to be to 


prevent systems with a minimum security level of 128 bits from agreeing 


on a 256 suite (which I would suppose is for efficiency reasons???). 


Therefore, I would suggest that the authors replace the lower-case 


"must" with a capital "SHOULD". Alternatively, if the authors believe 


that the use of normative language here is inappropriate, then I would 


recommend rephrasing the sentence so as to avoid the use of the word 


"must".






Since Suite B compliant IPsec implementations use Elliptic Curve 


Diffe-Hellman for key exchange within IKE, the authors should consider 


adding a reference to RFC 5903.






The IANA considerations section is currently listed as "TBD". I would 


recommend the authors include a sentence indicating that this document 


makes no requests of IANA (or else remove the section completely).