Skip to main content

Last Call Review of draft-mcgrew-tls-aes-ccm-ecc-07

Request Review of draft-mcgrew-tls-aes-ccm-ecc
Requested revision No specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-10-22
Requested 2013-09-19
Authors David McGrew , Daniel Bailey , Matthew Campagna , Robert Dugal
I-D last updated 2013-10-31
Completed reviews Genart Last Call review of -07 by Meral Shirazipour (diff)
Genart Telechat review of -07 by Meral Shirazipour (diff)
Secdir Last Call review of -07 by Donald E. Eastlake 3rd (diff)
Assignment Reviewer Donald E. Eastlake 3rd
State Completed Snapshot
Review review-mcgrew-tls-aes-ccm-ecc-07-secdir-lc-eastlake-2013-10-31
Reviewed revision 07 (document currently at 08)
Result Has Nits
Completed 2013-10-31
My apologies. I don't know that a review this late is useful but I
have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the

This document specifies the use of AES and ECC in CBC-MAC Mode (CCM)
for TLS 1.2. Further, it uses Ephemeral Elliptic Curve Diffie-Hellman
(ECDHE) to establish keys. The document is pretty short and to the
point. The Security Considerations section just mentions the benefit
of "perfect forward secrecy", the burden that the counter in AES-CCM
never be reused, and how that burden is met. I believe that, overall,
the document adequately covers needed security considerations when one
also takes into account material outside of the Security
Considerations section.


There are a number of SHOULDs in this draft with no indication of when
you might not do what is specified. For example "The client SHOULD
offer the elliptic_curves extension" If the specified crypto depends
on ECC, what happens if the client doesn't do that?


In standards track documents, I prefer to use "specifies" rather than
"describes", for example in the abstract and introduction.

 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3 at