Last Call Review of draft-moonesamy-sshfp-ed25519-01
review-moonesamy-sshfp-ed25519-01-secdir-lc-salowey-2014-05-30-00
Request | Review of | draft-moonesamy-sshfp-ed25519 |
---|---|---|
Requested revision | No specific revision (document currently at 02) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2014-05-29 | |
Requested | 2014-05-02 | |
Authors | S Moonesamy | |
I-D last updated | 2014-05-30 | |
Completed reviews | Genart Last Call review of -01 by Tom Taylor; Genart Telechat review of -02 by Tom Taylor; Secdir Last Call review of -01 by Joseph A. Salowey; Opsdir Last Call review of -01 by Dan Romascanu | |
Assignment | Reviewer | Joseph A. Salowey |
State | Completed | |
Request | Last Call review on draft-moonesamy-sshfp-ed25519 by Security Area Directorate Assigned | |
Reviewed revision | 01 (document currently at 02) | |
Result | Has issues | |
Completed | 2014-05-30 | |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines an SSHFP DNS record for the ED25519 signature algorithm. The document is ready with issues:

1) This document describes how to store the fingerprint of a public key that can be used with the ed25519 signature algorithm. I do not see any reference as to how to use the ed25519 signature algorithm in SSH. Perhaps I am missing a reference somewhere, but it really seems that the use of the signature algorithm in SSH should be defined somewhere, preferably in an IETF document. I do not see the point of publishing the SSHFP record document without some reference as to how it will be used.

2) The examples in RFC 6594 include the OpenSSH formatted key that is decoded and hashed to obtain the resulting fingerprint. It would be better if the draft followed this aspect of 6594 and included the key used to generate the fingerprint.

Joe
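As an added example (not code from the draft or from the review above), the following Python derives the SSHFP RDATA for an OpenSSH-format ssh-ed25519 public key line the way the RFC 6594 examples do: base64-decode the key blob, check its SSH wire format, and hash the decoded blob with SHA-256. It assumes SSHFP algorithm number 4 for Ed25519 (the value assigned when this draft was published as RFC 7479) and fingerprint type 2 (SHA-256, from RFC 6594); the sample key bytes are constructed placeholders, not a real key.

```python
import base64
import hashlib
import struct

# Assumed values: algorithm 4 is the Ed25519 number assigned when this draft
# became RFC 7479; fingerprint type 2 is SHA-256 from RFC 6594.
SSHFP_ALG_ED25519 = 4
SSHFP_FPTYPE_SHA256 = 2
ED25519_KEY_LEN = 32


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def parse_ssh_strings(blob: bytes) -> list:
    """Split a key blob into its length-prefixed fields; reject truncated data."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields


def sshfp_from_openssh_line(line: str) -> str:
    """Return SSHFP RDATA ("alg fptype hex") for one OpenSSH public key line
    ('ssh-ed25519 <base64 blob> [comment]'). As in the RFC 6594 examples, the
    fingerprint is the hash of the base64-decoded blob, not of the text line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-ed25519":
        raise ValueError("not an ssh-ed25519 public key line")
    blob = base64.b64decode(parts[1], validate=True)
    fields = parse_ssh_strings(blob)
    # The blob must be exactly: string "ssh-ed25519", then the 32-byte public key.
    if len(fields) != 2 or fields[0] != b"ssh-ed25519" or len(fields[1]) != ED25519_KEY_LEN:
        raise ValueError("malformed ssh-ed25519 key blob")
    digest = hashlib.sha256(blob).hexdigest()
    return f"{SSHFP_ALG_ED25519} {SSHFP_FPTYPE_SHA256} {digest}"


# Constructed sample: 32 placeholder bytes, not a real key, to exercise the format.
SAMPLE_KEY = bytes(range(32))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(
    ssh_string(b"ssh-ed25519") + ssh_string(SAMPLE_KEY)).decode() + " constructed@example"
```

Calling `sshfp_from_openssh_line(SAMPLE_LINE)` yields the three RDATA fields; publishing the hex alongside the key line it was derived from is the presentation the review asks for.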