Last Call Review of draft-housley-suite-b-to-historic-04
review-housley-suite-b-to-historic-04-secdir-lc-yu-2018-04-23-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with Nits.

It's not clear to me whether there are any replacement specs for the
crypto suites being declared Historic.  Are the remaining crypto suites
for these protocols of comparable strength and security properties?

More concretely, Section 5 says:

"5.  Impact of Reclassifying the Suite-B-related RFCs to Historic

   No interoperability or security concerns are raised by reclassifing
   the Suite-B-related RFCs to Historic Status."

It would be helpful to have some explanation.  For example, is it true
that none of the RFCs being moved to Historic Status is the sole
specification of an algorithm or an identifier for an algorithm that we
expect people to continue using?

Also there's a typo: "reclassifing" should be "reclassifying".

Similarly, in Section 7:

"7.  Security Considerations

   The CNSA Suite includes algorithms using the larger key sizes that
   are included in Suite B.  There are no interoperability or security
   concerns raised by reclassifying the Suite-B-related RFCs to Historic
   Status."

Will there be forthcoming specs for using CNSA Suite algorithms with
these protocols?

Best regards,
-Taylor