I have reviewed this document as part of the Security Directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
Security Area directors. Document editors and WG chairs should
treat these comments just like any other last call comments.



Doc: Data Structure for the Security Suitability of Cryptographic 


Algorithms (DSSC) <draft-ietf-ltans-dssc-08.txt>



Track: Proposed Standard

Summary: Ready except for some nits.



The first paragraph in Section 4 refers to RFC 3447 and FIPS 186-1 for 


RSA and DSA and further it goes on to say these algorithms can be 


combined with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 and RIPEMD-160. 


 I believe these are the wrong references for DSA (and the link doesn't 


work) and one of the RSA-SHA combos.  FIPS 186-1 only specifies SHA-1 


for use with DSA and only for certain key sizes. I think this is more 


correct:






For 512-bit DSA with SHA-1 see [FIPS186-2] without Change Notice 1, for 


1024-bit DSA with SHA-1 see [FIPS186-2] with Change Notice 1, for 


1024-bit and above DSA with SHA-1, SHA-224, SHA-256, SHA-384, and 


SHA-512 see [FIPS186-3].






I don't believe 512-bit DSA with SHA-224, SHA-256, SHA-384, and SHA-512 


are defined.  FIPS 186-2 with Change Notice 1 required key sizes be 


1024-bit and FIPS 186-3 allowed key sizes from 1024-3072.




Where is DSA or RSA with RIPEMD-160 defined?



RFC 3447 doesn't specify RSA with SHA-224.  Maybe pointing to RFC 4055 


would be better?




spt