Last Call Review of draft-housley-aes-key-wrap-with-pad-
review-housley-aes-key-wrap-with-pad-secdir-lc-cridland-2009-06-22-00

Request Review of draft-housley-aes-key-wrap-with-pad
Requested revision No specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-06-16
Requested 2009-05-13
Authors Morris Dworkin, Russ Housley
I-D last updated 2009-06-22
Completed reviews Secdir Last Call review of -?? by Dave Cridland
Assignment Reviewer Dave Cridland
State Completed
Request Last Call review on draft-housley-aes-key-wrap-with-pad by Security Area Directorate Assigned
Completed 2009-06-22
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document is not within my expertise, but I felt it was mostly adequately clear for someone not fully familiar with the underlying cryptography. The Security Considerations in particular cover everything I was expecting to see, and some information I'd not previously been aware of.

However, the 7th paragraph is somewhat surprising to me, beginning:

  The key wrapping technique specified in this document requires the
  length of the key data to be at least nine octets because a single
  application of the AES codebook is sufficient to protect up to eight
  octets of key data.  In particular, if the key data consists of eight
  or fewer octets, then a 64-bit integrity check value could be
  prepended to the key data to form a single 128-bit block.  For

Was this intended to be:

  [...] application of the AES codebook is INsufficient to protect up to eight [...]

Otherwise, the paragraph doesn't fully make sense to me.

Aside from this, the document is clear and, in my opinion, suitable for publication.

Dave.