Skip to main content

Last Call Review of draft-ietf-lamps-rfc5990bis-05
review-ietf-lamps-rfc5990bis-05-opsdir-lc-dhody-2024-04-23-00

Request Review of draft-ietf-lamps-rfc5990bis
Requested revision No specific revision (document currently at 07)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2024-04-23
Requested 2024-04-09
Authors Russ Housley , Sean Turner
I-D last updated 2024-04-23
Completed reviews Genart Last Call review of -05 by Christer Holmberg (diff)
Secdir Last Call review of -05 by Donald E. Eastlake 3rd (diff)
Opsdir Last Call review of -05 by Dhruv Dhody (diff)
Assignment Reviewer Dhruv Dhody
State Completed
Request Last Call review on draft-ietf-lamps-rfc5990bis by Ops Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/ops-dir/wbCWUniCTdjHYrBYt8eNmiVbQC0
Reviewed revision 05 (document currently at 07)
Result Has nits
Completed 2024-04-23
review-ietf-lamps-rfc5990bis-05-opsdir-lc-dhody-2024-04-23-00
# OPSDIR review of draft-ietf-lamps-rfc5990bis-05

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts. Comments that are not addressed in the last call may be
included in AD reviews during the IESG review.  Document editors and WG chairs
should treat these comments just like any other last-call comments.

The document specifies the conventions for using the RSA-KEM Algorithm The
document is clear and well-written. The draft does not have any operational
text which is to be expected of such a document.  The document is almost ready
for publication, I have only minor concerns and nits.

## Minor

- It is unusual to mention a draft name in the abstract. Perhaps change that to
RFC XXXX and add a note to the RFC editor that XXXX should be replaced with the
RFC# assigned to the draft.

- Abstract should also note that the RFC 5990 is being obsoleted and highlight
the change/motivation.

- The text does not state what is e in "c = z^e mod n" or d in "z = ct^d mod
n", should it?

- Section 1.6; Once this I-D is published, the RFC 5990 will be obsoleted and
thus I suggest we rephrase "RFC 5990 uses...", "RFC 5990 includes", etc to
indicate RFC 5990 is in the past...

- Throughout the I-D there are various MUST conditions, it is unsure to me what
happens when those conditions are not met.

- Appendix A uses the notation "(C)" for ciphertext whereas the rest of the
text uses "ct". Is that okay?

- Section A.1, step 2 - "Encrypt the random integer Z..."; shouldn't this be z
instead of Z. I see RFC 5099 used z. Why was that changed?

## Nits

- s/with goal of providing/with the goal of providing/

- s/Decrypt the the ciphertext with the/Decrypt the ciphertext with the/

- Expand on first use - KDF

- s/used with with the RSA-KEM/used with the RSA-KEM/

- s/using the their private key/using their private key/

Thanks!
Dhruv