GOST 28147-89: Encryption, Decryption, and Message Authentication Code (MAC) Algorithms
Note: This ballot was opened for revision 08 and is now closed.
(Russ Housley) Yes
(Jari Arkko) (was Discuss) No Objection
This may need editorial clarification: 4.7. The keys defining fillings of KDS and the substitution box K tables are secret elements and are provided in accordance with the established procedure. The filling of the substitution box K is described in GOST 28147-89 as a long-term key element common for a whole computer network. Usually K is used as a parameter of algorithm, some possible sets of K are described in [RFC4357]. Here KDS is clear -- its the key. But what about K, the substitution box? Is it a missing part of this standard, a negotiated value between two peers, or a part of a standard for some context (e.g., when using this algorithm in S/MIME K = something specific)? Which established procedure are you referring to? Regular key management procedures? Some other procedures to obtain secretly defined additional standards for K? Perhaps this is just ambiguous words in the document. If so, it would be great to see the text be clearer about how it expects K to be defined.