Last Call Review of draft-ietf-lamps-hash-of-root-key-cert-extn-03
review-ietf-lamps-hash-of-root-key-cert-extn-03-secdir-lc-montville-2019-01-08-00
| Request | Review of | draft-ietf-lamps-hash-of-root-key-cert-extn |
|---|---|---|
| Requested revision | No specific revision (document currently at 07) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2019-01-10 | |
| Requested | 2018-12-27 | |
| Authors | Russ Housley | |
| Draft last updated | 2019-01-08 | |
| Completed reviews |
Secdir Last Call review of -03
by
Adam W. Montville
(diff)
Genart Last Call review of -03 by Joel M. Halpern (diff) Genart Telechat review of -05 by Joel M. Halpern (diff) Secdir Telechat review of -05 by Adam W. Montville (diff) |
|
| Assignment | Reviewer | Adam W. Montville |
| State | Completed | |
| Review |
review-ietf-lamps-hash-of-root-key-cert-extn-03-secdir-lc-montville-2019-01-08
|
|
| Reviewed revision | 03 (document currently at 07) | |
| Result | Ready | |
| Completed | 2019-01-08 |
review-ietf-lamps-hash-of-root-key-cert-extn-03-secdir-lc-montville-2019-01-08-00
This draft is ready. It's a clever (though not foolproof) way to prime the pump for root certificate updates. I'm not an ASN.1 expert, so I can't really opine on the structure in Section 3, but from what I can tell it looks sane. Operational considerations seems sane. Security considerations rely on those from RFC5280, and additionally addresses: 1) analysis before the next-generation root certificate is released, 2) key strength considerations (equal or greater than current), 3) unforeseen cryptoanalytic advances, 4) typical hash pre-image attacks, and 5) early release of the next-generation public key. One area in the security considerations that could be enhanced is the recommended action to take in the case of an early next-generation public key release. The language in the draft states: "The second transition occurs when the Root CA is confident that the population of relying parties have completed the first transition, and it takes the Root CA to the freshly generated key pair." The question that came to mind was: What might bring about such confidence? I'm not sure that it's possible to generalize an answer to that question, however. Kind regards, Adam