[Gen-art] Genart last call review of draft-ietf-stir-passport-shaken-04

Francesca Palombini <francesca.palombini@ericsson.com> Fri, 02 November 2018 16:14 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: <gen-art@ietf.org>
Cc: draft-ietf-stir-passport-shaken.all@ietf.org, stir@ietf.org, ietf@ietf.org
Message-ID: <154117528787.7013.6199833371829068074@ietfa.amsl.com>
Date: Fri, 02 Nov 2018 09:14:47 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/vF0GlDKSXmdF9oVrZkwPVPJ6AAE>

Reviewer: Francesca Palombini
Review result: Ready with Issues

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-stir-passport-shaken-04
Reviewer: Francesca Palombini
Review Date: 2018-11-02
IETF LC End Date: 2018-11-02
IESG Telechat date: Not scheduled for a telechat

Summary: This draft is on the right track but has open issues, described in the

Major issues:

* This draft defines the new claim "origid" for the Personal Attestation Token
used in the SHAKEN framework, but does not give any privacy considerations
about it and its use. [RFC6973] suggests that the privacy considerations of
IETF protocols be documented. As required by [RFC7258], work on IETF protocols
needs to consider the effects of pervasive monitoring and mitigate them when
possible. I don't know SHAKEN well enough to comment on privacy issues on that,
but this draft, as part of the IETF work, should have privacy considerations,
particularly considering the "origid" claim.

Minor issues:

* Section 4: the term "verified association" is not defined in this document,
nor in [RFC8225], nor in the SHAKEN spec referenced. Is there a way to clarify
what is meant by it? It could be a reference.

Nits/editorial comments:

* Terminology: I would have appreciated a short sentence mentioning [RFC8225]
in the Terminology section.

* Section 9: [RFC8224] appears without link.

* Acknowledgements: "The authors would like
   acknowledge the work of the ATIS/SIP Forum IP-NNI Task Force to
   develop the concepts behind this document." -> The authors would like to
   acknowledge ...

I do not repeat nits and editorials reported by Adam Roach in his review of
this version of the document (11-19-2018,
https://mailarchive.ietf.org/arch/msg/stir/HxVSCLPGfSgwFuvqLkWSVNI0PtQ )