[HOKEY] AD review of draft-ietf-hokey-rfc5296bis

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 08 February 2012 18:43 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: hokey@ietfa.amsl.com
Delivered-To: hokey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CA9C21F8575 for <hokey@ietfa.amsl.com>; Wed, 8 Feb 2012 10:43:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.299
X-Spam-Level:
X-Spam-Status: No, score=-101.299 tagged_above=-999 required=5 tests=[AWL=-1.000, BAYES_00=-2.599, MANGLED_LIST=2.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xMBj1eCPUeNO for <hokey@ietfa.amsl.com>; Wed, 8 Feb 2012 10:43:17 -0800 (PST)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 329C321F8562 for <hokey@ietf.org>; Wed, 8 Feb 2012 10:43:16 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 49252171C91 for <hokey@ietf.org>; Wed, 8 Feb 2012 18:43:16 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:subject:mime-version :user-agent:from:date:message-id:received:received: x-virus-scanned; s=cs; t=1328726595; bh=kjhLScrP9RNfCwozIhsVpc10 2elP4UOhHxUtR93Omvc=; b=w1hpgCRaoIiaCThK5VuQm0MCzeIW8Md3itB+BbVg Q7q96bMMyrUrKY/xTNtUEtmj5aRuvRSsEddERdR094OmgoML5HwEqeYS4zXv3s2F N2lyI/QEgOl+Xs0Z9XENAGhnb8YIlvamCj/Dyw32by3Zx5E+9XH5JxEv5pEx224k fpIQx5W+cuTZ5ZVEFhG6ry7joJ4W0CRxTrFZodXXTvPJX0ibTMULZ1U1YjQTN0HL mdI5aU7nbKBzeY9CBkxUluj1XvMcnT9RdAvGwY9c7be7uE3Kgnp/2FmsjKFwB70M vEIlVLVX760lq6HojDiL9tqnkTXyYwbeKjAvch1GqPsE+g==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id HGW8hhoG60Ys for <hokey@ietf.org>; Wed, 8 Feb 2012 18:43:15 +0000 (GMT)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id E7C33171C2F for <hokey@ietf.org>; Wed, 8 Feb 2012 18:43:15 +0000 (GMT)
Message-ID: <4F32C244.3020202@cs.tcd.ie>
Date: Wed, 08 Feb 2012 18:43:16 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: "hokey@ietf.org" <hokey@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [HOKEY] AD review of draft-ietf-hokey-rfc5296bis
X-BeenThere: hokey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: HOKEY WG Mailing List <hokey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hokey>
List-Post: <mailto:hokey@ietf.org>
List-Help: <mailto:hokey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2012 18:43:18 -0000

Hi all,

My review on this is below. All of those comments
can be handled along with any other IETF LC comments
received and none is a big deal. However there is one
thing to sort out before we go ahead.

There is an IPR declaration for 5296 but none for this
document, which is very similar.

We should get that sorted out before IETF LC one way or
another. Best is to get a new declaration from the folks
who declared about 5296.

It may be that an additional short WGLC just to check
this would be useful for the record once the chairs
find out if a new IPR declaration will be forthcoming
in the near future. (I've asked Tina as shepherd to
handle this.)

Thanks,
S.

- Some references need updating, check ID-nits.
 
http://tools.ietf.org/idnits?url=http://tools.ietf.org/id/draft-ietf-hokey-rfc5296bis-06.txt

The next three comments are about stuff that didn't really
change since 5296, so consider them suggestions (i.e.
I won't insist on any changes being made).

- 3.2, 1st para: "The peer uses the domain name..." is that
the home or visited domain name?  Same thing in the 3rd last
para of 3.2 and various other places. Which domain name
is used when could be clearer throughout I think.

- p18, last bullet is not quite clear on when a message is
considered fresh. I think it means that any sequence number
greater than the last one used is ok, and any less is
considered a replay but I'm not 100% sure from this text, but
5.4 does seem to say that. Be good to be as clear here too.

- 8, "confidentiality of identity" - does the use of some of
the channel bindings not expose identity? If so, noting that
here would be good.

nits:

- DSRK is not expanded before 1st use in section 2.

- DS-rIK and DS-rRK are used with out expansion or
explanation. (last para before 3.1)

- 3.2, 1st para: s/out of home domain/out of the home domain/

- 5.1, 1st para: s/If ER capable.../If an ER capable.../

- 3.2 s/Figure 5shows/Figure 5 shows/