[http-auth] Benoit Claise's No Objection on draft-ietf-httpauth-mutual-10: (with COMMENT)

"Benoit Claise" <bclaise@cisco.com> Tue, 01 November 2016 21:54 UTC

From: Benoit Claise <bclaise@cisco.com>
To: The IESG <iesg@ietf.org>
Date: Tue, 01 Nov 2016 14:54:22 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-auth/w3zANNUabRbHaBZdpnmxMPc8lPc>
Cc: http-auth@ietf.org, draft-ietf-httpauth-mutual@ietf.org, httpauth-chairs@ietf.org, bill.wu@huawei.com

Benoit Claise has entered the following ballot position for
draft-ietf-httpauth-mutual-10: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


Some editorial comments from our OPS-DIR reviewer, Qin Wu.

I believe this document is ready for publication. Here are a few
editorial comments I would like to ask the authors to consider:

Minor issues:

1. Section 1.1 said:

   When a natural number output is required, the notation INT(H(s)) is used.

I will see INT(H(s)) as a formula to convert H(s) into a natural number.

2. Section 2, 1st paragraph:

What are DL-based notations? Can you expand DL? Is it Description Logic or
something else?

You could consider adding an acronym and abbreviation section.

3. Section 2, 2nd paragraph and the figure that describes the protocol exchange
for four values

Where do you define the first two messages in this draft? Are you referring
to the first messages that contain ID, K_c1 and K_s1 respectively in the
figure? I don’t see you specify a message format or give a message name. I
don’t see you relate text with the message shown in the figure.

In addition, where are the last two messages defined in
[I-D.ietf-httpauth-mutual]? Can you provide a section number?

By reading [I-D.ietf-httpauth-mutual], I see K_c1, K_s1, VK_c, VK_s have
already been defined in [I-D.ietf-httpauth-mutual]. I feel confused and
am wondering if this draft really defines the first two messages? Or are the
four messages shown in the figure all defined in the

4. Section 3.1, 3rd paragraph said:

   The functions named octet(), OCTETS(), and INT() are those defined in
   the core specification [I-D.ietf-httpauth-mutual].

Is the core specification [I-D.ietf-httpauth-mutual] the core document
mentioned in Section 3? If yes, please make them consistent.


5. Section 3.3, symbol “G”

   g: for "the generator" associated with the group.

How is the symbol “G” different from the symbol “g” in Section 3.2? Does
G stand for the generator associated with the defined group? What do you
mean by “the defined point”? It would be great to clarify the difference
between G and g.


6. Section 5.2 said:

   In the EC setting, r has to be prime.  Defining a variation of this
   algorithm using a different domain parameter SHOULD be attentive to
   these conditions.

What is the EC setting? Please expand EC. Elliptic Curve? Please make this
clear or add this abbreviation to the abbreviation section.



1. Section 1, 1st paragraph

s/ use withMutual authentication protocol/ use with Mutual authentication

2. Section 5.2

s/ mixing values from from two/ mixing values from two