Last Call Review of draft-ietf-ipsecme-eddsa-04

Request Review of draft-ietf-ipsecme-eddsa
Requested rev. no specific revision
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2017-12-04
Requested 2017-11-12
Other Reviews Genart Last Call review of -04 by Christer Holmberg
Secdir Last Call review of -04 by Adam Montville
Review State Completed
Reviewer Joel Jaeggli
Review review-ietf-ipsecme-eddsa-04-opsdir-lc-jaeggli-2017-11-28
Posted at
Reviewed rev. 04
Review result Ready
Draft last updated 2017-11-28
Review completed: 2017-11-28


I reviewed  draft-ietf-ipsecme-eddsa on behalf of the opsdir during it's IETF Last call.

This standards track draft introduces an importance change in the IKE negotiation in that the sender can indicate that it hash algorithms which do not require prehashing and can instead operate on arbitrary length data.

It also goes on to make a more strong requirement then RFC 8032 (which is informational) that:

" The pre-hashed versions of Ed25519 and Ed448 (Ed25519ph and Ed448ph
   respectively) MUST NOT be used in IKE."

Changes to IKE negotiation require careful review, but I am satisfied that this explicit signal improves the handling of support for the edwards curves.