Last Call Review of draft-ietf-avt-seed-srtp-
review-ietf-avt-seed-srtp-secdir-lc-canetti-2009-06-05-00

Request Review of draft-ietf-avt-seed-srtp
Requested rev. no specific revision (document currently at 14)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-06-02
Requested 2009-03-06
Draft last updated 2009-06-05
Completed reviews Secdir Last Call review of -?? by Ran Canetti
Assignment Reviewer Ran Canetti
State Completed
Review review-ietf-avt-seed-srtp-secdir-lc-canetti-2009-06-05
Review completed: 2009-06-05

Review
review-ietf-avt-seed-srtp-secdir-lc-canetti-2009-06-05

***   I have reviewed this document as part of the security directorate's
***   ongoing effort to review all IETF documents being processed by the
***   IESG.  These comments were written primarily for the benefit of the
***   security area directors.  Document editors and WG chairs should treat
***   these comments just like any other last call comments.


The draft describes the use of the SEED cipher (RFC 4269) within the SRTP 
protocol. The document is well written and thorough. I see no problems with it.

My only potential concern is regarding the use of SEED itself. SEED is a 
cipher that's apparently very popular in Korea and less so elsewhere. While 
no weaknesses have been found afaik, it did not receive the level of 
scrutiny that AES did.  Thus, the question arises whether the IETF should 
standardize (and thereby implicitly endorse) the use of this cipher as an 
alternative to AES.

I personally see no problem here, as long as a security comparison is made 
clear in the document. Still, others may feel differently.
In fact, for this purpose I cc'ed the cfrg RG on this evaluation.


Best,
Ran



_______________________________________________
secdir mailing list
secdir at mit.edu


https://mailman.mit.edu/mailman/listinfo/secdir
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools