Last Call Review of draft-ietf-avt-seed-srtp-
*** I have reviewed this document as part of the security directorate's
*** ongoing effort to review all IETF documents being processed by the
*** IESG. These comments were written primarily for the benefit of the
*** security area directors. Document editors and WG chairs should treat
*** these comments just like any other last call comments.
The draft describes the use of the SEED cipher (RFC 4269) within the SRTP
protocol. The document is well written and thorough. I see no problems with it.
My only potential concern is regarding the use of SEED itself. SEED is a
cipher that's apparently very popular in Korea and less so elsewhere. While
no weaknesses have been found afaik, it did not receive the level of
scrutiny that AES did. Thus, the question arises whether the IETF should
standardize (and thereby implicitly endorse) the use of this cipher as an
alternative to AES.
I personally see no problem here, as long as a security comparison is made
clear in the document. Still, others may feel differently.
In fact, for this purpose I cc'ed the cfrg RG on this evaluation.
secdir mailing list
secdir at mit.edu