Last Call Review of draft-ietf-kitten-pkinit-alg-agility-04
review-ietf-kitten-pkinit-alg-agility-04-secdir-lc-takahashi-2019-02-17-00

Request Review of draft-ietf-kitten-pkinit-alg-agility
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-02-17
Requested 2019-02-03
Other Reviews Opsdir Last Call review of -04 by Scott Bradner (diff)
Genart Last Call review of -05 by Christer Holmberg (diff)
Genart Telechat review of -06 by Christer Holmberg
Review State Completed
Reviewer Takeshi Takahashi
Review review-ietf-kitten-pkinit-alg-agility-04-secdir-lc-takahashi-2019-02-17
Posted at https://mailarchive.ietf.org/arch/msg/secdir/qun0HUsEK68I3I9WhSf5NoMBkSo
Reviewed rev. 04 (document currently at 06)
Review result Ready
Draft last updated 2019-02-17
Review completed: 2019-02-17

Review
review-ietf-kitten-pkinit-alg-agility-04-secdir-lc-takahashi-2019-02-17

I do not see any serious issues on this draft and enjoyed reading it.
I have only minor questions for the purpose of deepening my understanding of the draft.

1. In section 5, regarding the The TD-CERT-DIGEST-ALGORITHMS-Data message, who embed the rejectedAlgorithm field? If it will be the KDC, why does the KDC need to fill and distribute this information to the others?

2. In section 8 (security consideration), it is stated that "to do otherwise allows an active attacker to perform a downgrade attack". In my understanding of the draft, arbitrary algorithm could be used (if the negotiation reaches agreements). I wonder if there is any mechanism that discourages the negotiation of using insecure algorithms.  For instance, the list of algorithms that must be treated with care could be listed somewhere?

Thank you, and kind regards,
Take