Suite B Profile for Internet Protocol Security (IPsec)
Note: This ballot was opened for revision 02 and is now closed.
(Sean Turner) Yes
(Ron Bonica) No Objection
(Stewart Bryant) No Objection
(Gonzalo Camarillo) No Objection
(Wesley Eddy) No Objection
(Adrian Farrel) No Objection
Comment (2011-08-06 for -)
I am balloting No Objection after a quick read and based on the support of the Responsible AD.
(Stephen Farrell) (was Discuss) No Objection
(1) MUST is used before section 2.
(2) What does "having" an X.509 cert mean for interop? I think you want to say use somewhere.
(3) Saying "using the curves with foo" is a little unclear - maybe say "using the curves with foo specified in bar section baz" would be clearer.
(4) "appear in the literature with different names" maybe give references.
(5) 4.2 says "each system MUST specify" but systems don't specify, specifications do. Suggest rewording.
(6) The IPR declaration refers to a "Standard" so I've no idea if it's relevant for this document or not.
--- this used to be discuss point 1
(1) I'd like to be reassured that nothing here requires implementers to add some suite-B-specific, but non-interoperable code to a node not trying to be suite-B conformant but otherwise doing all the right algorithms at the right sizes. If we had that problem then suite-B would no longer be a simple profile but would become something close to a national algorithm. (In terms of the non-interoperable aspects that would then exist.)
(David Harrington) No Objection
(Russ Housley) No Objection
Comment (2011-08-11 for -)
The Gen-ART Review by Alexey Melnikov includes one comment that has not been resolved. Please consider his comment.
The document includes this sentence:
>
> The responder SHOULD accept the first Suite B UI suite offered by
> the initiator that it can accommodate.
>
Alexey believes that use of SHOULD here is inappropriate. There are four Suite B UI suites, and in this case, any of the four will meet the security requirements. The initiator has provided them in their preferred order. Selecting any of the four choices that is offered by the initiator meets the security and interoperability requirements. The current wording says the responder SHOULD pick the initiator's preferred one, which may create additional testing for conformance.