Skip to main content

Last Call Review of draft-ietf-lamps-x509-shbs-08
review-ietf-lamps-x509-shbs-08-secdir-lc-nystrom-2024-10-24-00

Request Review of draft-ietf-lamps-x509-shbs
Requested revision No specific revision (document currently at 12)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-10-25
Requested 2024-10-11
Authors Daniel Van Geest , Kaveh Bashiri , Scott Fluhrer , Stefan-Lukas Gazdag , Stavros Kousidis
I-D last updated 2024-10-24
Completed reviews Genart Last Call review of -08 by Stewart Bryant (diff)
Secdir Last Call review of -08 by Magnus Nyström (diff)
Assignment Reviewer Magnus Nyström
State Completed
Request Last Call review on draft-ietf-lamps-x509-shbs by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/yAt8OjWXfAMHs43WnobfQCl2S5k
Reviewed revision 08 (document currently at 12)
Result Has nits
Completed 2024-10-24
review-ietf-lamps-x509-shbs-08-secdir-lc-nystrom-2024-10-24-00
Hi, I did not find any serious issues with this document but have the following
observations and questions:

a) The title is "Algorithm Identifiers for HSS and XMSS," however, the document
contains more than that - it contains usage recommendations and as such, I
think a title more similar to the title of RFC 8708 ("Use of the HSS/LMS
Hash-Based Signature Algorithm in [...]") would be better and more descriptive.
b) There is an OID under the old "rsadsi" PKCS #9 OID tree used here (though
not defined here). Did RSA (later EMC, later Dell, ...) transfer the ownership
/ maintenance of that OID tree to the IETF? I should know, since I was the
editor of the RFC version of PKCS #9, but it has been too long and I have
forgotten ... but just wanted to check such that there is no risk of
duplicative assignments. c) I don't know that there is a need to have the
essentially duplicative sections for "Algorithm Identifiers" and "Signature
Algorithms" as they specify the same OIDs. Or, alternatively, to be more
strict, the "Algorithm Identifiers" section could (or should?) specify "true"
ASN.1 Algorithm Identifiers (i.e., using the X.509 "ALGORITHM" class and, e.g.,
the common AlgorithmIdentifier type from PKCS #10 - see the ASN.1 module of RFC
2986.) d) I wonder, for completeness, if a Lamport signature scheme should be
defined like this too?