Document: draft-kato-ipsec-camellia-modes-07.txt Reviewer: Francis Dupont Review Date: 2008-05-23 IETF LC End Date: 2008-06-10 IESG Telechat date: unknown Summary: Not ready Comments: my main concern is about the organization of the different camellia mode/ipsec documents, for instance why the CTR and CCM modes are not only in draft-kato-camellia-ctrccm with only the application to IPsec in this one? (note: you copied the RFC 3686 so I can understand you don't expect my comments :-) Other comments: - title page 1: Its -> Their - ToC page 2: Acknowledgements -> Acknowledgments - 1 page 3: to -> by (in replacing block) - 1 page 3: lisences -> licenses - 1 page 3: Openssl -> OpenSSL - 1 page 3: Gran Paradiso -> Firefox Gran Paradiso (proposed clarification) - 2.3 page 5: i.e. -> i.e., - 2.5 page 5: the padding discussion doesn't apply for the Counter mode. I believe the problem is in the wording and is a side-effect of the mode + IPsec shaky structure of the document. - 3 page 7: there should be nothing about IPsec in this section. - 3.1 page 7: there *must* be a MUST about IVs in this section, you can't wait for the IPsec use! - 3.2 page 7: need not be -> needs not to be (nonce value) - 3.2 page 7: that is making use -> using - 3.2 pages 7 and 8: remove "academic paper" stuff From "Pipelining is..." to "...before the packet arrives." - 3.2 page 8: the IKE stuff is not at the right place. BTW how IKE can provide the nonce value? - 3.2 page 8: the last line (about [12]) just says either 3.2 is not normative and should not be there, or there are two competing specs of the same thing. Both very bad... - 3.3 page 10: same concern about the last sentence. - 3 pages 7-10: if there are some limits about the number of blocks in a mode, this is the right place. - 4.1 page 11: IMHO there should be only one MUST for the IV (and it should be "unpredictable" of course). - 4.2 page 12: the Authentication Data is not a part of the mode. - 4.2.1 page 13: need not be -> needs not to be - 4.2.1 page 13 (twice): beginning -> establishment - 4.2.2 page 13: this section is not at the right position (move it!) - 4.3.4 page 15: same that 4.2.1 (need, beginning (2)) - 5 page 17: use/using (bad wording) - 5 page 17: is camellia usable by IKE itself (if it is not (defined), please say it). - 5.1 page 17: explain where is the key length - 6 page 19: I don't believe it is useful to explain the IV issue, a reference should be enough. - 8 page 22: Acknowledgements -> Acknowledgments Regards Francis.Dupont@fdupont.fr PS: how to solve my main concern: I believe there are (at least) two solutions: either have a mode document and refer to it (with a copy of requirements) in an IPsec use separate document; or keep one document with both mode and IPsec use specs. In the second case, I believe a mode first IPsec details second organization for sections 3 and 4 is far better. And don't forget test vectors as an all-in-one document should be self contained.