Last Call Review of draft-burgin-ipsec-suiteb-profile-

Request Review of draft-burgin-ipsec-suiteb-profile
Requested rev. no specific revision (document currently at 02)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-08-09
Requested 2011-06-17
Authors Kelley Burgin, Michael Peck
Draft last updated 2011-08-01
Completed reviews Secdir Last Call review of -?? by Matt Lepinski
Secdir Last Call review of -?? by Matt Lepinski
Assignment Reviewer Matt Lepinski
State Completed
Review review-burgin-ipsec-suiteb-profile-secdir-lc-lepinski-2011-08-01
Review completed: 2011-08-01


I have reviewed this document as part of the security directorate's 

ongoing effort to review all IETF documents being processed by the

IESG.  These comments were written primarily for the benefit of the 

security area directors.  Document editors and WG chairs should treat

these comments just like any other last call comments.

This informational document defines a profile of behavior that IPsec 

implementations must adhere in order to be Suite B compliant. The 

authors claim that this profile does not introduce any new security 

concerns that are not already covered in existing RFCs on IPsec, IKE, 

and their use with ECDSA (i.e., RFCs 4303, 4754, 5759, 5996). After 

reviewing this document, I would agree with this assessment.


The following are specific comments based on my review of the document:

In Section 3, there is a table that includes the heading "IANA assigned 

DH group #", which is a bit unclear. I would recommend inserting text 

below the table that indicates the specific IANA registry to which the 

table refers. In this case, it is the IANA registry of IKEv2 

Diffie-Hellman Group Transform IDs (Transform Type 4) ... see

In the second paragraph of Section 5, in the context of implementations 

that are configured with a minimum level of security of 128 bits, the 

draft has the following text: "Suite-B-GCM-128 and Suite-B-GMAC-128, if 

offered, must appear in the IKEv2 and IPsec SA payloads before any 

offerings of Suite-B-GCM-256 and Suite-B-GMAC-256". This appears to be 

the only lower-case "must" in the document, and lower-case "must" in 

this type of specification can be confusing to implementers. There seems 

to be no security or interoperability reason why one would place the 128 

suites first. Indeed, the reason for this requirement seems to be to 

prevent systems with a minimum security level of 128 bits from agreeing 

on a 256 suite (which I would suppose is for efficiency reasons???). 

Therefore, I would suggest that the authors replace the lower-case 

"must" with a capital "SHOULD". Alternatively, if the authors believe 

that the use of normative language here is inappropriate, then I would 

recommend rephrasing the sentence so as to avoid the use of the word 


Since Suite B compliant IPsec implementations use Elliptic Curve 

Diffe-Hellman for key exchange within IKE, the authors should consider 

adding a reference to RFC 5903.

The IANA considerations section is currently listed as "TBD". I would 

recommend the authors include a sentence indicating that this document 

makes no requests of IANA (or else remove the section completely).