Last Call Review of draft-burgin-ipsec-suiteb-profile-
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
This informational document defines a profile of behavior that IPsec
implementations must adhere in order to be Suite B compliant. The
authors claim that this profile does not introduce any new security
concerns that are not already covered in existing RFCs on IPsec, IKE,
and their use with ECDSA (i.e., RFCs 4303, 4754, 5759, 5996). After
reviewing this document, I would agree with this assessment.
The following are specific comments based on my review of the document:
In Section 3, there is a table that includes the heading "IANA assigned
DH group #", which is a bit unclear. I would recommend inserting text
below the table that indicates the specific IANA registry to which the
table refers. In this case, it is the IANA registry of IKEv2
Diffie-Hellman Group Transform IDs (Transform Type 4) ... see
In the second paragraph of Section 5, in the context of implementations
that are configured with a minimum level of security of 128 bits, the
draft has the following text: "Suite-B-GCM-128 and Suite-B-GMAC-128, if
offered, must appear in the IKEv2 and IPsec SA payloads before any
offerings of Suite-B-GCM-256 and Suite-B-GMAC-256". This appears to be
the only lower-case "must" in the document, and lower-case "must" in
this type of specification can be confusing to implementers. There seems
to be no security or interoperability reason why one would place the 128
suites first. Indeed, the reason for this requirement seems to be to
prevent systems with a minimum security level of 128 bits from agreeing
on a 256 suite (which I would suppose is for efficiency reasons???).
Therefore, I would suggest that the authors replace the lower-case
"must" with a capital "SHOULD". Alternatively, if the authors believe
that the use of normative language here is inappropriate, then I would
recommend rephrasing the sentence so as to avoid the use of the word
Since Suite B compliant IPsec implementations use Elliptic Curve
Diffe-Hellman for key exchange within IKE, the authors should consider
adding a reference to RFC 5903.
The IANA considerations section is currently listed as "TBD". I would
recommend the authors include a sentence indicating that this document
makes no requests of IANA (or else remove the section completely).