Re: I-D Action:draft-ietf-ltans-dssc-06.txt

[TSG <tglassey@xxxxxxxxxxxxx>]

Carl Wallace wrote:
> A new WG last call will commence for this draft starting today and
> ending two weeks from tomorrow.
>
>   
> > -----Original Message-----
> > From: owner-ietf-ltans@xxxxxxxxxxxx 
> > [mailto:owner-ietf-ltans@xxxxxxxxxxxx] On Behalf Of 
> > Internet-Drafts@xxxxxxxx
> > Sent: Tuesday, January 20, 2009 12:00 PM
> > To: i-d-announce@xxxxxxxx
> > Cc: ietf-ltans@xxxxxxx
> > Subject: I-D Action:draft-ietf-ltans-dssc-06.txt 
> >     

Good stuff. Especially the Policy Control Structures. My concerns simply 
are that the IETF should not be specifying the actual standards for use 
inside this. Those must be approved and supported by those that use 
them.  For instance there are a number of non-public crypto services 
which will want to be interchanged with these, to do that the selection 
of the crypto type needs to be interchangeable.

Also in the MOTIVE section there are several statement's which create 
specific requirements in the use models, but the use models are missing, 
so I would suggest changing the two key control statements in the MOTIVE 
section so they are not specific to "MUST DO" without defining what it 
is that must be done.

Todd Glassey
> > A New Internet-Draft is available from the on-line 
> > Internet-Drafts directories.
> > This draft is a work item of the Long-Term Archive and Notary 
> > Services Working Group of the IETF.
> >
> >
> > 	Title           : Data Structure for the Security 
> > Suitability of Cryptographic Algorithms (DSSC)
> > 	Author(s)       : T. Kunz, et al.
> > 	Filename        : draft-ietf-ltans-dssc-06.txt
> > 	Pages           : 41
> > 	Date            : 2009-01-20
> >
> > Since cryptographic algorithms can become weak over the 
> > years, it is necessary to evaluate their security 
> > suitability.  When signing or verifying data, or when 
> > encrypting or decrypting data, these evaluations must be 
> > considered.  This document specifies a data structure that 
> > enables an automated analysis of the security suitability of 
> > a given cryptographic algorithm at a given point of time 
> > which may be in the past, at the present time or in the 
> > future.Conventions used in this document
> >
> > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL 
> > NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and 
> > "OPTIONAL" in this document are to be interpreted as 
> > described in [RFC2119].
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-ietf-ltans-dssc-06.txt
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > Below is the data which will enable a MIME compliant mail 
> > reader implementation to automatically retrieve the ASCII 
> > version of the Internet-Draft.
> >
> >     
> > ------------------------------------------------------------------------
> >
> >
> > Internal Virus Database is out of date.
> > Checked by AVG - http://www.avg.com 
> > Version: 8.0.176 / Virus Database: 270.10.8/1898 - Release Date: 1/16/2009 3:09 PM
> >
> >