Skip to main content

Telechat Review of draft-ietf-ipsecme-ikev2-multiple-ke-10

Request Review of draft-ietf-ipsecme-ikev2-multiple-ke
Requested revision No specific revision (document currently at 12)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2022-11-29
Requested 2022-10-24
Authors C. Tjhai , M. Tomlinson , G. Bartlett , Scott Fluhrer , Daniel Van Geest , Oscar Garcia-Morchon , Valery Smyslov
I-D last updated 2022-11-28
Completed reviews Dnsdir Last Call review of -07 by Geoff Huston (diff)
Genart Last Call review of -07 by Russ Housley (diff)
Artart Last Call review of -08 by Russ Housley (diff)
Secdir Telechat review of -10 by Sean Turner (diff)
Assignment Reviewer Sean Turner
State Completed
Review review-ietf-ipsecme-ikev2-multiple-ke-10-secdir-telechat-turner-2022-11-28
Posted at
Reviewed revision 10 (document currently at 12)
Result Has nits
Completed 2022-11-28
Hi! Thanks for the well written draft. I really liked Appendix B that includes
the tried but discarded designs.

Issue worth discussing (and it might be a short discussion):

Are there any instructions that the DEs needs to make sure that this registry
is not populated with PQ-wanna-be Transforms? E.g., I show up my shiny new (and
supposedly) PQ resistant alg and the DE says ....


The use of “we” is a style thing that I would change, but if the WG/IESG are
good with it I can get on board too.

s1.2, last para: “require such a requirement” is a bit awkward. How about “have
such a requirement” or “levy such a requirement”?

s2, hybrid: I think you might want to include some words by what you mean by
“hybrid”? Maybe as simple as copy some of the text from the 1st para of s3.1
forward, “when multiple key exchanges are performed and the calculated shared
key depends on all of them”.

s3.1, s/Note that with this semantics,/Note that with these semantics,


s/must/MUST in the DE instructions?
s/addition,any/addition, any


s/dwarfed/ with thwart or mitigate
s/the data need to remain/the data needs to remain


s/as follows/as follows.
s/SKEYSEED(1)  …. )./SKEYSEED(1) … )
s/{SK_d(1) … SPIr)./{SK_d(1) … SPIr)

Is this missing:

 The updated SKEYSEED value is then used to derive the following
 keying materials

between these two lines:

 SKEYSEED(2) = prf(SK_d(1), SK(2) | Ni | Nr)
 {SK_d(2) | SK_ai(2) | SK_ar(2) | SK_ei(2) | SK_er(2) | SK_pi(2) |
    SK_pr(2)} = prf+ (SKEYSEED(2), Ni | Nr | SPIi | SPIr)

A.4:s/a security association/an IKE SA