IETF Logo Mail Archive

Re: [Gen-art] Gen-ART Last Call review of draft-ietf-kitten-cammac-00

Tom Yu <tlyu@mit.edu> Sat, 06 December 2014 02:02 UTC

Return-Path: <tlyu@mit.edu>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AADCC1A6FC8 for <gen-art@ietfa.amsl.com>; Fri, 5 Dec 2014 18:02:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MMb2kB65U5IX for <gen-art@ietfa.amsl.com>; Fri, 5 Dec 2014 18:02:15 -0800 (PST)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB24E1A6FC0 for <gen-art@ietf.org>; Fri, 5 Dec 2014 18:02:14 -0800 (PST)
X-AuditID: 12074423-f79b86d000000cf5-ec-548263a5a366
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id 17.CA.03317.5A362845; Fri, 5 Dec 2014 21:02:13 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id sB622CV0019236; Fri, 5 Dec 2014 21:02:13 -0500
Received: from localhost (sarnath.mit.edu [18.18.1.190]) (authenticated bits=0) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id sB622Bi0007808; Fri, 5 Dec 2014 21:02:12 -0500
From: Tom Yu <tlyu@mit.edu>
To: Meral Shirazipour <meral.shirazipour@ericsson.com>
References: <ABCAA4EF18F17B4FB619EA93DEF7939A330314A4@eusaamb107.ericsson.se>
Date: Fri, 05 Dec 2014 21:02:10 -0500
In-Reply-To: <ABCAA4EF18F17B4FB619EA93DEF7939A330314A4@eusaamb107.ericsson.se> (Meral Shirazipour's message of "Sat, 29 Nov 2014 08:43:20 +0000")
Message-ID: <ldvtx19tu1p.fsf@sarnath.mit.edu>
Lines: 42
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrLIsWRmVeSWpSXmKPExsUixG6nors0uSnE4MtpC4vtLx4zWVx99ZnF 4tLeR8wOzB6/vl5l81iy5CeTx5fLn9kCmKO4bFJSczLLUov07RK4MmY2zmctuCZQ8bevj7WB 8RBvFyMnh4SAicTMZX2MELaYxIV769m6GLk4hAQWM0ncXLSGCcLZwCgx6dUOKOc1o8SWZ39Y QVrYBKQljl/exQRiiwiYSUya8ZURpIhZYCKjxPFXH8ESwgIuEm/6z4PtEBLwlfjc848dxGYR UJU4dPwvO0gDp8BkRomdHw+zgCR4BXQlXjYvAGvmEeCUmH7jFitEXFDi5MwnYDXMAloSN/69 ZJrAKDALSWoWktQCRqZVjLIpuVW6uYmZOcWpybrFyYl5ealFumZ6uZkleqkppZsYwaHqoryD 8c9BpUOMAhyMSjy8KyQaQ4RYE8uKK3MPMUpyMCmJ8jIlNYUI8SXlp1RmJBZnxBeV5qQWH2KU 4GBWEuFNng1UzpuSWFmVWpQPk5LmYFES5930gy9ESCA9sSQ1OzW1ILUIJivDwaEkwSsPMlSw KDU9tSItM6cEIc3EwQkynAdouCRIDW9xQWJucWY6RP4Uo6KUOERCACSRUZoH1wtLJa8YxYFe EeZlAKniAaYhuO5XQIOZgAbfLQa5urgkESEl1cBYt/XNUrXv8ut+qy76F2yZnKSSev8wh7az 1rEZDGxxOof+XTtdeyfgZkG2r+ck7/S3W7StXY5EnPN2Y52/QTK0troh458p27P9CiH9nE7R k/UfHQmZeV5w3aPc+tWtVk0WCTobZ76+fLu7ibPMIlay833+255TUVx7Baf8DOrhKioPa/to KqTEUpyRaKjFXFScCABNmgSKAAMAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/gen-art/w9jMzsGG1Be5NMWgnuEPK_-pecU
X-Mailman-Approved-At: Fri, 05 Dec 2014 20:06:07 -0800
Cc: "draft-ietf-kitten-cammac.all@tools.ietf.org" <draft-ietf-kitten-cammac.all@tools.ietf.org>, "gen-art@ietf.org" <gen-art@ietf.org>
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-kitten-cammac-00
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Dec 2014 02:02:16 -0000

Thank you for your review.  I have written some responses below.

Meral Shirazipour <meral.shirazipour@ericsson.com> writes:

> Nits/editorial comments:

> [Page 1], Abstract section, please remove the duplication of the word abstract (first word of first sentence).

Thanks; fixed in next revision.

> [Page 1], Abstract, suggestion: the actual motivation should be briefly mentioned in the abstract. (e.g. that AD-KDC-ISSUED is not sufficient in cases where ...).

I think the motivation is too complicated to concisely summarize in the
abstract.  We could mention that AD-KDC-ISSUED has known shortcomings
that will be detailed in the document, if that helps.

> [Page 3], "The svc-verifier element of the CAMMAC", is svc newly introduced in this draft? If so it would be clearer to mention it, e.g. "The new svc-verifier element of the CAMMAC"

That paragraph indicates that the svc-verifier element of CAMMAC  takes
the same role as the ad-checksum element of AD-KDC-ISSUED.  I think it
doesn't qualify as new in this context.  Please let me know if there is
alternative wording that would make this more clear.

> [Page 3], same sentence as above, should it be "AD-CAMMAC" instead of "CAMMAC" ?

I think of CAMMAC as the abstract concept behind this authorization
data, and of AD-CAMMAC as the ASN.1 type.  If this usage is confusing,
we could change to use AD-CAMMAC more consistently throughout.

> [Page 3], "svc-verifier", does svc acronym stand for something? (service and the Key Distribution Center ? ) Both svc and should be spelled out at first use.

"svc" is a common abbreviation for "service", but we can expand it on
the first use if that helps.  KDC is spelled out on its first use in the
Introduction.

> [Page 6], Section 5, if an Application server does not recognize the AD-CAMMAC container and the latter was not enclosed in the AD-IF-RELEVENT,
>
> should the Application server send an error or ignore ?

RFC 4120 specifies that a server receiving unknown authorization data
MUST fail the authentication process.  Do you think this needs repeating
in this document?

v2.39.1 | Report a Bug | By Email | System Status