Telechat Review of draft-ietf-karp-crypto-key-table-08
review-ietf-karp-crypto-key-table-08-secdir-telechat-wierenga-2013-08-08-00
Request | Review of | draft-ietf-karp-crypto-key-table |
---|---|---|
| Requested revision | No specific revision (document currently at 10) |
| Type | Telechat Review |
| Team | Security Area Directorate (secdir) |
| Deadline | 2013-08-13 |
| Requested | 2013-08-02 |
| Authors | Tim Polk, Russ Housley, Sam Hartman, Dacheng Zhang |
| I-D last updated | 2013-08-08 |
| Completed reviews | Genart Last Call review of -07 by David L. Black; Genart Telechat review of -08 by David L. Black; Secdir Telechat review of -08 by Klaas Wierenga; Secdir Last Call review of -07 by Klaas Wierenga |
Assignment | Reviewer | Klaas Wierenga |
| State | Completed |
| Request | Telechat review on draft-ietf-karp-crypto-key-table by Security Area Directorate Assigned |
| Reviewed revision | 08 (document currently at 10) |
| Result | Has nits |
| Completed | 2013-08-08 |

Hi,

After having reviewed version 07, I have only one (minor) nit for version 8. You write:

> KDF: A key derivation function is a one-way function that provides cryptographic separation of key material. The KDF MAY use inputs from the row in the key table and the message being sent or received but MUST NOT depend on other configuration state.

I wonder whether that definition is correct. I have always considered forwarding secrecy a desirable but not necessary property for KDFs. For example, the key may not have the necessary properties, so a transformation may be needed (could be as simple as padding until a certain length). But if you can point me to a definition that includes one-way, I stand corrected.

Klaas