I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-kivinen-ipsecme-signature-auth-06.txt
Reviewer: Brian Carpenter
Review Date: 2014-07-07
IETF LC End Date: 2014-07-15
IESG Telechat date:

Summary: Almost ready
--------

Minor issues:
-------------

In the Security Considerations, it says:

   This means that the security of the authentication method is the
   security of the weakest component (signature algorithm, hash
   algorithm, or curve).  This complicates the security analysis of the
   system.  Note that this kind of mixing of security levels can be
   disallowed by policy.

As a security ignoramus, I would have liked to see some discussion of
downgrade attacks here. Also, the remark about "policy" seems incomplete.
Is it an implementation requirement that some sort of policy must be
supported? Is there a recommended default policy?

Nits:
-----

I found this sentence unnecessarily nested and hard to read:

   o  The RSA digital signature format in IKEv2 is specified to use
      RSASSA-PKCS1-v1_5 padding, but "Additional Algorithms and
      Identifiers for RSA Cryptography for use in PKIX Profile"
      ([RFC4055])) recommends the use of the newer RSASSA_PSS (See
      section 5 of [RFC4055]) instead.

Why not

   o  The RSA digital signature format in IKEv2 is specified to use
      RSASSA-PKCS1-v1_5 padding, but section 5 of "Additional
      Algorithms and Identifiers for RSA Cryptography for use in PKIX
      Profile" [RFC4055] recommends the use of the newer RSASSA_PSS
      instead.
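The following is an added example, not part of the review above nor code from the draft: it shows what the "weakest component" statement and a "policy" that disallows mixed security levels can look like in practice. It rates each component (RSA modulus or ECDSA curve, and hash) with the approximate strengths from NIST SP 800-57 Part 1, takes the minimum as the effective strength, and then applies a hypothetical local policy (a strength floor plus "the hash must not be weaker than the key") when choosing a hash from a peer's SIGNATURE_HASH_ALGORITHMS list. The hash identifiers (SHA1=1, SHA2-256=2, SHA2-384=3, SHA2-512=4) are those of the registry created by RFC 7427, the published form of this draft; the policy itself, the function names and the peer offer are assumptions made for the example, and the draft does not mandate any of them.

```python
import struct
from typing import NamedTuple, Optional, Sequence

# Hash algorithm identifiers from the IKEv2 "Hash Algorithms" registry
# created by RFC 7427 (the published form of this draft).
HASH_ID = {"sha1": 1, "sha2-256": 2, "sha2-384": 3, "sha2-512": 4}
ID_HASH = {v: k for k, v in HASH_ID.items()}

# Nominal collision resistance in bits. (SHA-1's nominal 80 bits is itself
# optimistic: collisions are practical today.)
HASH_STRENGTH = {"sha1": 80, "sha2-256": 128, "sha2-384": 192, "sha2-512": 256}

# Approximate strength of the key component (RSA modulus size or ECDSA
# curve), following the comparable-strength table in NIST SP 800-57 Part 1.
KEY_STRENGTH = {
    ("rsa", "2048"): 112,
    ("rsa", "3072"): 128,
    ("ecdsa", "secp256r1"): 128,
    ("ecdsa", "secp384r1"): 192,
    ("ecdsa", "secp521r1"): 256,
}


class AuthMethod(NamedTuple):
    sig_alg: str   # "rsa" or "ecdsa"
    key: str       # RSA modulus bits or curve name
    hash_alg: str  # a key of HASH_ID


def component_strengths(m: AuthMethod) -> dict:
    """Strength of each component the draft names as a possible weakest link."""
    return {"key": KEY_STRENGTH[(m.sig_alg, m.key)],
            "hash": HASH_STRENGTH[m.hash_alg]}


def effective_strength(m: AuthMethod) -> int:
    """The weakest-link strength the Security Considerations describe."""
    return min(component_strengths(m).values())


def policy_allows(m: AuthMethod, floor: int = 128, allow_mixed: bool = False) -> bool:
    """Hypothetical local policy (an assumption of this example): every
    component must meet `floor`, and unless mixing is explicitly allowed,
    the hash must not be weaker than the key it is paired with."""
    s = component_strengths(m)
    if min(s.values()) < floor:
        return False
    if not allow_mixed and s["hash"] < s["key"]:
        return False
    return True


def encode_hash_list(names: Sequence[str]) -> bytes:
    """SIGNATURE_HASH_ALGORITHMS notification data: 16-bit big-endian IDs."""
    return b"".join(struct.pack("!H", HASH_ID[n]) for n in names)


def decode_hash_list(data: bytes) -> list:
    """Parse the peer's list; unknown identifiers are skipped, not an error."""
    if len(data) % 2:
        raise ValueError("odd-length SIGNATURE_HASH_ALGORITHMS data")
    ids = struct.unpack("!%dH" % (len(data) // 2), data)
    return [ID_HASH[i] for i in ids if i in ID_HASH]


def select_hash(local: Sequence[str], peer_data: bytes, sig_alg: str, key: str,
                floor: int = 128) -> Optional[str]:
    """Pick the strongest hash both sides support that the policy accepts.
    The order of the peer's list is not trusted, and nothing the peer
    advertises can pull the choice below the local floor: an offer that
    leaves only weak or mismatched combinations is refused (None)."""
    common = [h for h in decode_hash_list(peer_data) if h in local]
    allowed = [AuthMethod(sig_alg, key, h) for h in common
               if policy_allows(AuthMethod(sig_alg, key, h), floor)]
    if not allowed:
        return None
    return max(allowed, key=effective_strength).hash_alg


if __name__ == "__main__":
    # Constructed peer offer: SHA-1 listed first, as a downgrading peer might.
    peer = encode_hash_list(["sha1", "sha2-256", "sha2-384"])
    print(select_hash(["sha1", "sha2-256", "sha2-384"], peer, "ecdsa", "secp384r1"))
```

With a P-384 key and the peer offer above, the policy rejects SHA-1 (below the floor) and SHA2-256 (weaker than the 192-bit curve, i.e. the mixed case the draft warns about) and settles on SHA2-384; a peer that offers only SHA-1 against an RSA-3072 key gets no hash at all rather than a weakened one. Whether such a floor should be a default, and whether supporting some policy is an implementation requirement, is exactly the question the review raises and remains for the draft to answer.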