Last Call Review of draft-ietf-ipsecme-eddsa-04
review-ietf-ipsecme-eddsa-04-opsdir-lc-jaeggli-2017-11-28-00
| Request | Review of | draft-ietf-ipsecme-eddsa |
|---|---|---|
| Requested revision | No specific revision (document currently at 04) | |
| Type | Last Call Review | |
| Team | Ops Directorate (opsdir) | |
| Deadline | 2017-12-04 | |
| Requested | 2017-11-12 | |
| Authors | Yoav Nir | |
| I-D last updated | 2017-11-28 | |
| Completed reviews |
Genart Last Call review of -04
by Christer Holmberg
Secdir Last Call review of -04 by Adam W. Montville Opsdir Last Call review of -04 by Joel Jaeggli |
|
| Assignment | Reviewer | Joel Jaeggli |
| State | Completed | |
| Request | Last Call review on draft-ietf-ipsecme-eddsa by Ops Directorate Assigned | |
| Reviewed revision | 04 | |
| Result | Ready | |
| Completed | 2017-11-28 |
review-ietf-ipsecme-eddsa-04-opsdir-lc-jaeggli-2017-11-28-00
I reviewed draft-ietf-ipsecme-eddsa on behalf of the opsdir during it's IETF Last call. This standards track draft introduces an importance change in the IKE negotiation in that the sender can indicate that it hash algorithms which do not require prehashing and can instead operate on arbitrary length data. It also goes on to make a more strong requirement then RFC 8032 (which is informational) that: " The pre-hashed versions of Ed25519 and Ed448 (Ed25519ph and Ed448ph respectively) MUST NOT be used in IKE." Changes to IKE negotiation require careful review, but I am satisfied that this explicit signal improves the handling of support for the edwards curves.