Document: draft-kanno-tls-camellia-00.txt Reviewer: Miguel Garcia Review Date: 2011-03-09 IETF LC End Date: 2011-03-23 IESG Telechat: 2011-04-14 Summary: The document is ready for publication as an informational RFC. Major issues: none Minor issues: none Nits: - It would be nice if the draft includes formal references to external document where appropriate. Let me provide a few examples where I believe those formal references are missing: + Section 1, Introduction, missing reference to the SHA-2 family. Probably the reference should be done towards NIST FIPS 180-3: The proposed cipher suites include variants using SHA-2 family of cryptographic hash functions and Galois counter mode (GCM) [11]. + Section 3.2, add reference to AES (FIPS 197) at the beginning of: AES authenticated encryption with additional data algorithms, AEAD_AES_128_GCM and AEAD_AES_256_GCM are described in RFC5116 [5]. + Section 3.3, add a reference TLS 1.2 (RFC 5246). The hash algorithms and PRF algorithms for TLS 1.2 SHALL be as follows: + Section 3.3, add a reference to HMAC-SHA-256/384, most likely RFC 2104. Also to SHA-356/384 (NIST FIPS 180-3=: a) The cipher suites ending with _SHA256 use HMAC-SHA-256 as the MAC algorithm, The PRF is the TLS PRF [6] with SHA-256 as the hash function, b) The cipher suites ending with _SHA384 use HMAC-SHA-384 as the MAC algorithm, The PRF is the TLS PRF [6] with SHA-384 as the hash function. + Section 3.3, add a reference to TLS versions prior to 1.2, for example RFC 2246, and RFC 4346: When used with TLS versions prior to 1.2, the PRF is calculated as specified in the appropriate version of the TLS specification. - Expand terms at first occurrence. This includes: AES, PRF - Introduction, the last sentence is already repeated and does not add any value. It can be safely deleted: The Camellia algorithm and its properties are described in [2].