Re: [HOKEY] Fwd: Gen-ART review of draft-ietf-hokey-erp-aak-07

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 08 February 2012 11:41 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: hokey@ietfa.amsl.com
Delivered-To: hokey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1197E21F869C for <hokey@ietfa.amsl.com>; Wed, 8 Feb 2012 03:41:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.999
X-Spam-Level:
X-Spam-Status: No, score=-101.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_23=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QdY0RJ8AAiCw for <hokey@ietfa.amsl.com>; Wed, 8 Feb 2012 03:41:55 -0800 (PST)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 1C5DF21F869A for <hokey@ietf.org>; Wed, 8 Feb 2012 03:41:54 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id DAFD1153C0E; Wed, 8 Feb 2012 11:41:53 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1328701313; bh=YsOJK1uPlvV3sL xnYu38Pb8UXmalLI3SCdPSwlYZvys=; b=jCbZJb3UsADLxT8ocv2cVbrR7ZtiqE XETdvBEexkyp8X3mSVLA2fVa43ipBhz+dh68k/lZGy8S8oavYggynerjqbAorlKT cgcYdlMkewGr/nzYZMPXUGWeLvBnaVqS+bvyv6LpIJkrE1ck2WEb2+3BweIZq2D3 5vbkk/vq3PBfAQrFLqCkbp9pnFpyqFlRnXCY+Fd4MbGk/2fFaf24UaHMNMQ9IPbz s62YpoBQhW5qpTgSOCv6hgmod8toxC5DfvZ51vYZrBoEAlY7smjuxLMs9hrcW7ts SAx+FB0Z1b8WSB6GB8TByhqd2xO+Y7zw2hQYgKACXH6EnaJ4qmL7gWYg==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id AlyUd3eyHxwO; Wed, 8 Feb 2012 11:41:53 +0000 (GMT)
Received: from [IPv6:2001:770:10:203:a288:b4ff:fe9c:bc5c] (unknown [IPv6:2001:770:10:203:a288:b4ff:fe9c:bc5c]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id E3038171C2F; Wed, 8 Feb 2012 11:41:52 +0000 (GMT)
Message-ID: <4F325F78.5070701@cs.tcd.ie>
Date: Wed, 08 Feb 2012 11:41:44 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: Tina TSOU <Tina.Tsou.Zouting@huawei.com>
References: <4F2AA2F8.4010004@ericsson.com> <4F2AA5E2.2040106@cs.tcd.ie> <20857042-B4A9-4861-8AC2-5E7324DFEE16@huawei.com>
In-Reply-To: <20857042-B4A9-4861-8AC2-5E7324DFEE16@huawei.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "miguel.a.garcia@ericsson.com" <miguel.a.garcia@ericsson.com>, "hokey@ietf.org" <hokey@ietf.org>
Subject: Re: [HOKEY] Fwd: Gen-ART review of draft-ietf-hokey-erp-aak-07
X-BeenThere: hokey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: HOKEY WG Mailing List <hokey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hokey>
List-Post: <mailto:hokey@ietf.org>
List-Help: <mailto:hokey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2012 11:41:56 -0000

Hi,

IETF LC is ended for this.

I think the only comment I saw a gen-art review (is
that right?) but that there are changes resulting from
that so I've marked this as revised I-D needed. Please
submit a -08 that includes the changes needed. (I'm not
sure if any of those will require something different
from IANA, but if they do please also respond to IANA's
mail, cc'ing me, if their actions are changed.)

As soon as we have that I can put this on an IESG
telechat agenda,

Thanks,
Stephen.


On 02/04/2012 07:21 PM, Tina TSOU wrote:
> Good catch. Thank u, Miguel.
>
> Sent from my iPad
>
> On Feb 2, 2012, at 7:04 AM, "Stephen Farrell"<stephen.farrell@cs.tcd.ie>  wrote:
>
>>
>> FYI
>>
>> -------- Original Message --------
>> Subject: Gen-ART review of draft-ietf-hokey-erp-aak-07
>> Date: Thu, 2 Feb 2012 15:51:36 +0100
>> From: Miguel A. Garcia<Miguel.A.Garcia@ericsson.com>
>> To: Zhen Cao<zehn.cao@gmail.com>om>, Hui Deng<denghui02@gmail.com>om>, sunseawq@huawei.com, Stephen Farrell<stephen.farrell@cs.tcd.ie>
>> CC: General Area Review Team<gen-art@ietf.org>
>>
>> I have been selected as the General Area Review Team (Gen-ART)
>> reviewer for this draft. For background on Gen-ART, please see the FAQ at
>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>
>>
>> Please resolve these comments along with any other comments you may receive.
>>
>> Document: draft-ietf-hokey-erp-aak-07
>> Reviewer: Miguel Garcia<miguel.a.garcia@ericsson.com>
>> Review Date: 2011-01-02
>> IETF LC End Date: 2012-02-07
>>
>> Summary: This draft is on the right track but has open issues, described
>> in the review.
>>
>> Major issues:
>>
>> - None
>>
>> Minor issues:
>>
>> - The main problem I have with this draft is the lack of normative text
>> (RFC 2119 reserved words) in relevant paragraphs. If interoperability is
>> to be granted, an effort should be taken in adding quite a few more
>> normative statements.
>>
>> However, having said that, the section where I find more that there
>> should be more normative text, is Section 3, which is an "Overview"
>> section. In general, an overview section should use descriptive, but not
>> normative text.
>>
>> For example, take the last paragraph in Page 5 (that continues to Page
>> 6). One possible change is to make normative the text and move it outside
>> a section whose title is "Overview".
>>
>>    Upon receiving the message, the ERP/AAK server MUST first use the
>>    keyName indicated in the keyName-NAI to look up the rIK and MUST
>>    check the integrity and freshness of the message. Then the ERP/AAK
>>    server MUST verify the identity of the peer by checking the username
>>    portion of the KeyName-NAI.  If any of the checks fail, the server
>>    MUST send an early- authentication finish message (EAP-Finish/Re-auth
>>    with E-flag set) with the Result flag set to '1'.  Next, the server
>>    MUST authorize the CAP specified in the CAP-Identifier TLV.  In
>>    success case, the server MUST derive a pMSK from the pRK for each CAP
>>    carried in the the CAP-Identifier field using the sequence number
>>    associated with CAP-Identifier as an input to the key derivation.
>>    (see d. in the figure 1).
>>
>>    Then the ERP/AAK server MUST transport the pMSK to the authorized CAP
>>    via AAA Section 7 as described in figure 2 (see e.1,e.2 in the figure
>>    2). Note that key distribution in the figure 2 is one part of step d.
>>    in the figure 1.
>>
>> The the last paragraph in Section 3 also contains an "Optionally", which
>> I believe should be replaced with a capitalized "OPTIONAL"
>>
>> Another instance: towards the end of Section 5.2, the text reads:
>>
>>    HMAC-SHA256-128 is mandatory to implement and should be enabled in
>>    the default configuration.
>>
>> and should probably be:
>>
>>    HMAC-SHA256-128 is REQUIRED to be implemented and SHOULD be enabled in
>>    the default configuration.
>>
>> Similarly, the last paragraph in Section 5.2 reads:
>>
>>    If the EAP-Initiate/Re-auth packet is not supported by the SAP, it is
>>    discarded silently.
>>
>> and should probably be:
>>
>>    If the EAP-Initiate/Re-auth packet is not supported by the SAP, it
>>    SHOULD be discarded silently.
>>
>>
>>
>> - Another topic, Section 9 (IANA Considerations) reads:
>>
>>    Further, this document registers a Early authentication usage label
>>    from the "USRK Key Labels" name space with a value:
>>
>>       EAP Early-Authentication Root Key@ietf.org
>>
>>
>> I am missing the sentence to name the master registry where the USRK Key
>> Labels subregistry is stored. This is the Extended Master Session Key
>> (EMSK) Parameters registry (I guess). And probably this comment is also
>> valid for the rest of the IANA actions: the main registry is not named,
>> and it is hard to find it.
>>
>>
>> /Miguel
>> --
>> Miguel A. Garcia
>> +34-91-339-3608
>> Ericsson Spain
>> _______________________________________________
>> HOKEY mailing list
>> HOKEY@ietf.org
>> https://www.ietf.org/mailman/listinfo/hokey
>