Re: [Gen-art] Gen-ART review of draft-ietf-hokey-erp-aak-07
Zhen Cao <zehn.cao@gmail.com> Fri, 03 February 2012 07:11 UTC
Date: Fri, 03 Feb 2012 15:11:24 +0800
Message-ID: <CAProHATtfqmXk0-EVOSDbQZqpNW-nFtrchA56XAMP2XWpnd6oA@mail.gmail.com>
From: Zhen Cao <zehn.cao@gmail.com>
To: "Miguel A. Garcia" <Miguel.A.Garcia@ericsson.com>
Cc: Hui Deng <denghui02@gmail.com>, General Area Review Team <gen-art@ietf.org>, sunseawq@huawei.com, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Dear Miguel,

Thanks for the valuable review, see our replies inline.

Best regards,
Zhen

On Thu, Feb 2, 2012 at 10:51 PM, Miguel A. Garcia <Miguel.A.Garcia@ericsson.com> wrote:
> I have been selected as the General Area Review Team (Gen-ART)
> reviewer for this draft. For background on Gen-ART, please see the FAQ at
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>
>
> Please resolve these comments along with any other comments you may receive.
>
> Document: draft-ietf-hokey-erp-aak-07
> Reviewer: Miguel Garcia <miguel.a.garcia@ericsson.com>
> Review Date: 2011-01-02
> IETF LC End Date: 2012-02-07
>
> Summary: This draft is on the right track but has open issues, described in
> the review.
>
> Major issues:
>
> - None
>
> Minor issues:
>
> - The main problem I have with this draft is the lack of normative text (RFC
> 2119 reserved words) in relevant paragraphs. If interoperability is to be
> granted, an effort should be taken in adding quite a few more normative
> statements.
>
> However, having said that, the section where I find that there should
> be more normative text is Section 3, which is an "Overview" section. In
> general, an overview section should use descriptive, but not normative, text.
>
> For example, take the last paragraph in Page 5 (that continues to Page 6).
> One possible change is to make the text normative and move it outside a
> section whose title is "Overview".
>
>    Upon receiving the message, the ERP/AAK server MUST first use the
>    keyName indicated in the keyName-NAI to look up the rIK and MUST
>    check the integrity and freshness of the message. Then the ERP/AAK
>    server MUST verify the identity of the peer by checking the username
>    portion of the KeyName-NAI. If any of the checks fail, the server
>    MUST send an early-authentication finish message (EAP-Finish/Re-auth
>    with E-flag set) with the Result flag set to '1'. Next, the server
>    MUST authorize the CAP specified in the CAP-Identifier TLV. In
>    success case, the server MUST derive a pMSK from the pRK for each CAP
>    carried in the CAP-Identifier field using the sequence number
>    associated with CAP-Identifier as an input to the key derivation.
>    (see d. in the figure 1).
>
>    Then the ERP/AAK server MUST transport the pMSK to the authorized CAP
>    via AAA Section 7 as described in figure 2 (see e.1, e.2 in the figure
>    2). Note that key distribution in the figure 2 is one part of step d.
>    in the figure 1.
>
> The last paragraph in Section 3 also contains an "Optionally", which I
> believe should be replaced with a capitalized "OPTIONAL"

[CZ]: Good suggestion, we will revise the draft to reflect this.

>
> Another instance: towards the end of Section 5.2, the text reads:
>
>    HMAC-SHA256-128 is mandatory to implement and should be enabled in
>    the default configuration.
>
> and should probably be:
>
>    HMAC-SHA256-128 is REQUIRED to be implemented and SHOULD be enabled in
>    the default configuration.

[CZ] Okay.

>
> Similarly, the last paragraph in Section 5.2 reads:
>
>    If the EAP-Initiate/Re-auth packet is not supported by the SAP, it is
>    discarded silently.
>
> and should probably be:
>
>    If the EAP-Initiate/Re-auth packet is not supported by the SAP, it
>    SHOULD be discarded silently.
>

[CZ] Okay.

>
> - Another topic, Section 9 (IANA Considerations) reads:
>
>    Further, this document registers a Early authentication usage label
>    from the "USRK Key Labels" name space with a value:
>
>    EAP Early-Authentication Root Key@ietf.org
>
>
> I am missing the sentence to name the master registry where the USRK Key
> Labels subregistry is stored. This is the Extended Master Session Key (EMSK)
> Parameters registry (I guess). And probably this comment is also valid for
> the rest of the IANA actions: the main registry is not named, and it is hard
> to find it.

[CZ]: EMSK or DSRK label is defined in the section 8.1 "Key Labels" of RFC5295. We will add reference to RFC5295 to fix this. Thanks.

>
>
> /Miguel
> --
> Miguel A. Garcia
> +34-91-339-3608
> Ericsson Spain

--
Best regards,
Zhen
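The server-side procedure quoted from the draft's Section 3 in the review above, as an added Python model (example code, not from the draft or the HOKEY working group): it runs the integrity, freshness, identity and CAP-authorization checks in the listed order, answers any failure with the finish message's Result flag set to '1', and derives one pMSK per CAP from the pRK and the sequence number. The message layout, the bytes covered by HMAC-SHA256-128, the `valid_peers` identity model and the `derive_pmsk` KDF are assumptions standing in for detail the quoted text does not give.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

MAC_LEN = 16  # HMAC-SHA256-128: HMAC-SHA256 output truncated to 128 bits

@dataclass
class ReauthMessage:                 # EAP-Initiate/Re-auth with E-flag set, reduced to what the checks use
    keyname_nai: str                 # "keyName@realm"; the username portion is the keyName
    seq: int                         # sequence number: freshness check and pMSK derivation input
    cap_ids: list                    # values carried in the CAP-Identifier TLV
    mac: bytes                       # HMAC-SHA256-128 over the fields above, keyed with the rIK

@dataclass
class ServerState:
    keys: dict                       # keyName -> (rIK, pRK, peer identity the keys were issued to)
    valid_peers: set                 # peer identities the server still accepts (assumed model)
    authorized_caps: set             # CAP-Identifiers this server is allowed to serve
    last_seq: dict = field(default_factory=dict)   # keyName -> last accepted sequence number

def covered_bytes(nai, seq, cap_ids):
    return f"{nai}|{seq}|{','.join(cap_ids)}".encode()   # assumed layout of the protected fields

def mac128(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]

def build_message(rik, nai, seq, cap_ids):
    return ReauthMessage(nai, seq, cap_ids, mac128(rik, covered_bytes(nai, seq, cap_ids)))

def derive_pmsk(prk, cap_id, seq):
    # Assumed stand-in KDF: the quoted text only says pMSK comes from pRK using the CAP's sequence number.
    return hmac.new(prk, b"pMSK|" + cap_id.encode() + seq.to_bytes(4, "big"), hashlib.sha256).digest()

def handle_early_auth(state, msg):
    """('finish', 1) = EAP-Finish/Re-auth, E-flag set, Result flag '1'; ('ok', {cap_id: pMSK}) on success."""
    keyname = msg.keyname_nai.split("@", 1)[0]
    rec = state.keys.get(keyname)
    if rec is None:
        return ("finish", 1)          # no rIK for this keyName
    rik, prk, peer = rec
    if not hmac.compare_digest(mac128(rik, covered_bytes(msg.keyname_nai, msg.seq, msg.cap_ids)), msg.mac):
        return ("finish", 1)          # integrity check failed
    if msg.seq <= state.last_seq.get(keyname, -1):
        return ("finish", 1)          # stale or replayed sequence number
    if peer not in state.valid_peers:
        return ("finish", 1)          # identity check on the username portion failed
    if not msg.cap_ids or any(c not in state.authorized_caps for c in msg.cap_ids):
        return ("finish", 1)          # a requested CAP is not authorized
    state.last_seq[keyname] = msg.seq
    return ("ok", {c: derive_pmsk(prk, c, msg.seq) for c in msg.cap_ids})
```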