Last Call Review of draft-moriarty-pkcs5-v2dot1-01
review-moriarty-pkcs5-v2dot1-01-secdir-lc-xia-2016-09-01-00

Request Review of draft-moriarty-pkcs5-v2dot1
Requested revision No specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-09-02
Requested 2016-08-11
Authors Kathleen Moriarty, Burt Kaliski, Andreas Rusch
Draft last updated 2016-09-01
Completed reviews Secdir Last Call review of -01 by Liang Xia (diff)
Opsdir Last Call review of -01 by Bert Wijnen (diff)
Assignment Reviewer Liang Xia
State Completed
Review review-moriarty-pkcs5-v2dot1-01-secdir-lc-xia-2016-09-01
Reviewed revision 01 (document currently at 04)
Result Has Nits
Completed 2016-09-01

Hello,



I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.





This document provides recommendations for the implementation of password-based
cryptography, covering key derivation functions, encryption schemes,
message-authentication schemes, and ASN.1 syntax identifying the techniques.
And this document represents a republication of PKCS #5 v2.1 from RSA
Laboratories’ Public-Key Cryptography Standards (PKCS) series. By publishing
this RFC, change control is transferred to the IETF.





In general, this draft is based on [RFC2898] (PKCS #5) and RSA's newly released
PKCS #5 V2.1 specification, and includes some minor updates to them. So, it has
a solid security basis. Regarding the newly introduced content,
there are no new security threats identified.





Summary: this document appears in reasonably good shape, with minor issues that
should be addressed before publication.





Below is a series of my comments and nits for your consideration.





comments:



Section 5.1

"S    salt, an eight-octet string": This sentence is not accurate. The salt
used in the PBKDF1 algorithm should be an octet string of more than 8 bytes
in length here;



Section 5.2

"applied to the password P and the concatenation of the salt S and the block
index i:": this sentence does not seem to clearly explain the following series
of equations, for example:

1. how to use "i" in them?

2. how to use "Salt" in them?

Would you please clarify the issue and improve the content to make it clearer?





nits:



Abstract

1. PKCS #8 should have a reference of [PKCS8][RFC5958];

2. The second "-" in "password-based-key" should be removed;

3. If there is PKCS #5 V2.1 specification, the reference of it should be added
after the content of "PKCS #5 V2.1";



Section 1

Please split the last two words of "compatibletechniques.".



Section 2

Missing "\xor" before "bit-wise exclusive-or of two octet strings".



Section 5.1

"DK = Tc<0..dkLen-1>": Tc should be T_c.



Section 5.2

1. The title of Section 5.2 should be "PBKDF2";

2. A calculation equation is missing here: "F (P, S, c, i) = U_1 \xor U_2 \xor
... \xor U_c".



Section 6.1.1

The title of the Section should be "PBES1 Encryption Operation".



Appendix A.1

"for PBES1" should be changed to "for PBKDF1".





Thanks!



B.R.

Frank
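
How the salt S and the block index i enter the PBKDF2 equations raised in the Section 5.2 comment above, as an added example that is not part of the review or of the draft. It assumes HMAC-SHA-1 as the PRF; the function names are illustrative and the inputs are constructed.

```python
import hashlib
import hmac
import struct

HLEN = 20  # output length of HMAC-SHA-1, the PRF assumed for this example


def prf(password: bytes, data: bytes) -> bytes:
    """PRF(P, data): HMAC-SHA-1 keyed with the password."""
    return hmac.new(password, data, hashlib.sha1).digest()


def f_block(password: bytes, salt: bytes, c: int, i: int) -> bytes:
    """F(P, S, c, i) = U_1 xor U_2 xor ... xor U_c."""
    # The salt and the block index appear only in U_1 = PRF(P, S || INT(i)),
    # where INT(i) is the four-octet big-endian encoding of i.
    u = prf(password, salt + struct.pack(">I", i))
    t = int.from_bytes(u, "big")
    for _ in range(c - 1):
        u = prf(password, u)  # U_j = PRF(P, U_{j-1}) for j = 2..c
        t ^= int.from_bytes(u, "big")
    return t.to_bytes(HLEN, "big")


def pbkdf2(password: bytes, salt: bytes, c: int, dk_len: int) -> bytes:
    """DK = T_1 || T_2 || ... || T_l, truncated to dk_len octets."""
    l = -(-dk_len // HLEN)  # ceil(dkLen / hLen); block index i runs 1..l
    blocks = (f_block(password, salt, c, i) for i in range(1, l + 1))
    return b"".join(blocks)[:dk_len]


if __name__ == "__main__":
    # Constructed sample inputs, cross-checked against the standard library.
    dk = pbkdf2(b"password", b"salt", 2, 45)
    assert dk == hashlib.pbkdf2_hmac("sha1", b"password", b"salt", 2, 45)
    print(dk.hex())
```

Because i is mixed into U_1, each block T_i differs even though P, S and c are the same for every block.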