Last Call Review of draft-ietf-lamps-x509-shbs-08
review-ietf-lamps-x509-shbs-08-secdir-lc-nystrom-2024-10-24-00
Request | Review of | draft-ietf-lamps-x509-shbs |
---|---|---|
Requested revision | No specific revision (document currently at 12) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2024-10-25 | |
Requested | 2024-10-11 | |
Authors | Daniel Van Geest , Kaveh Bashiri , Scott Fluhrer , Stefan-Lukas Gazdag , Stavros Kousidis | |
I-D last updated | 2024-10-24 | |
Completed reviews |
Genart Last Call review of -08
by Stewart Bryant
(diff)
Secdir Last Call review of -08 by Magnus Nyström (diff) |
|
Assignment | Reviewer | Magnus Nyström |
State | Completed | |
Request | Last Call review on draft-ietf-lamps-x509-shbs by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/yAt8OjWXfAMHs43WnobfQCl2S5k | |
Reviewed revision | 08 (document currently at 12) | |
Result | Has nits | |
Completed | 2024-10-24 |
review-ietf-lamps-x509-shbs-08-secdir-lc-nystrom-2024-10-24-00
Hi, I did not find any serious issues with this document but have the following observations and questions: a) The title is "Algorithm Identifiers for HSS and XMSS," however, the document contains more than that - it contains usage recommendations and as such, I think a title more similar to the title of RFC 8708 ("Use of the HSS/LMS Hash-Based Signature Algorithm in [...]") would be better and more descriptive. b) There is an OID under the old "rsadsi" PKCS #9 OID tree used here (though not defined here). Did RSA (later EMC, later Dell, ...) transfer the ownership / maintenance of that OID tree to the IETF? I should know, since I was the editor of the RFC version of PKCS #9, but it has been too long and I have forgotten ... but just wanted to check such that there is no risk of duplicative assignments. c) I don't know that there is a need to have the essentially duplicative sections for "Algorithm Identifiers" and "Signature Algorithms" as they specify the same OIDs. Or, alternatively, to be more strict, the "Algorithm Identifiers" section could (or should?) specify "true" ASN.1 Algorithm Identifiers (i.e., using the X.509 "ALGORITHM" class and, e.g., the common AlgorithmIdentifier type from PKCS #10 - see the ASN.1 module of RFC 2986.) d) I wonder, for completeness, if a Lamport signature scheme should be defined like this too?