Review of draft-harkins-owe-06

Shucheng LIU <liushucheng@huawei.com> Mon, 06 February 2017 09:27 UTC

Reviewer: Shucheng LIU
Review result: Has Nits

(testing. first time using the new website tool) 

Hi all,

Sorry for being late due to vacation. Here is my review. 

I have reviewed draft-harkins-owe-06 as part of the Operational
directorate's ongoing effort to review all IETF documents being
processed by the IESG.  These comments were written with the intent of
improving the operational aspects of the IETF drafts. Comments that
are not addressed in last call may be included in AD reviews during
the IESG review.  Document editors and WG chairs should treat these
comments just like any other last call comments.

> This memo specifies an extension to IEEE Std 802.11 to provide for
> opportunistic (unauthenticated) encryption to the wireless media.

My overall view of the document is 'Ready with nits' for publication.

Some small ones: 

**** Technical ****

* Section 1, page 1:

> Opportunistic Wireless Encryption

“Opportunistic” is an odd word in this context; the common English
definition is “to do at every opportunity”, i.e. “whenever you can”. If
this is the 6th draft it may be understood, but it will raise questions
about when to apply it and when not to apply it.

* Section 1.3, page 3:
> As the name implies, OWE provides opportunistic encryption, or
> encryption of traffic without authentication of endpoints.  OWE was
> presented to the IEEE 802.11 Working Group for consideration but an
> "all or nothing" approach to cryptographic protection has been
> adopted by that body, and OWE is a stop in between "all" and
> "nothing".

Here it explains that the opportunity is defined by un-authenticated
endpoints. This may define the title better, but could lead to claims
that, once hacked, synthetic or hidden data is offered for the hacker's
benefit.

* Section 2, page 4:
Seems to contradict the sentence in 1.3, implying the AP is trusted at
least by SSID. Clause 1.3 appears not totally correct.

* Section 3, page 5:
This section makes sense to me but confirms it is not totally
opportunistic, as it is only applied when the SSID and BSSID are
confirmed and either open (not encrypted) or not fully trusted (or the
encryption may be known). Seems to contradict the sentence in 1.3.
Clause 1.3 appears to need to say a bit more, if only to ask the reader
to read sections 2 & 3.

The technical details seem correct; it may protect against hacker
eavesdropping.

This does not protect against AP spoofing or piggy-in-the-middle
attacks. It makes authorized eavesdropping harder. So once the AP is
copied it may be harder to find the culprit. A good business should
change the public SSID regularly or employ layer 3 end-to-end
encryption.


**** Editorial ****

* Section 4.4, page 8:
s/concatentation/concatenation/

* Section 7, page 10:
s/wirless/wireless/


Regards,
Will
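The review's point that an unauthenticated Diffie-Hellman exchange resists eavesdropping but not a party sitting between STA and AP can be shown in a small simulation. This is an added example, not code from the draft or the reviewer; it uses a constructed toy integer group rather than an OWE ECDH group, and the HKDF inputs (both public values as salt, a fixed label) are an assumption modelled on the draft's shape, not its exact byte layout.

```python
import hashlib
import hmac
import secrets

# Constructed toy DH group (a Mersenne prime, small generator) so the
# arithmetic stays readable. It is NOT an OWE group; real OWE uses ECDH.
P = 2**127 - 1
G = 5

def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869) extract-then-expand, stdlib only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def pmk(priv: int, peer_pub: int, sta_pub: int, ap_pub: int) -> bytes:
    """PMK from the DH shared secret z, salted with the two public values
    the caller believes were exchanged (assumed layout, see lead-in)."""
    z = pow(peer_pub, priv, P).to_bytes(16, "big")
    salt = sta_pub.to_bytes(16, "big") + ap_pub.to_bytes(16, "big")
    return hkdf(salt, z, b"OWE Key Generation")

def direct_exchange() -> bool:
    """STA and AP exchange public values directly: both derive one PMK."""
    sta_priv, sta_pub = keypair()
    ap_priv, ap_pub = keypair()
    return pmk(sta_priv, ap_pub, sta_pub, ap_pub) == pmk(ap_priv, sta_pub, sta_pub, ap_pub)

def relayed_exchange() -> bool:
    """A relay substitutes its own public value in both directions. Because
    nothing authenticates the values, each endpoint completes normally, but
    the relay holds one PMK shared with the STA and another shared with the
    AP; the two endpoints never share a key with each other."""
    sta_priv, sta_pub = keypair()
    ap_priv, ap_pub = keypair()
    r_priv, r_pub = keypair()
    k_sta = pmk(sta_priv, r_pub, sta_pub, r_pub)        # STA thinks r_pub is the AP
    k_relay_sta = pmk(r_priv, sta_pub, sta_pub, r_pub)
    k_ap = pmk(ap_priv, r_pub, r_pub, ap_pub)           # AP thinks r_pub is the STA
    k_relay_ap = pmk(r_priv, ap_pub, r_pub, ap_pub)
    return k_sta == k_relay_sta and k_ap == k_relay_ap and k_sta != k_ap
```

Both functions returning True is exactly the property the reviewer describes: confidentiality against a passive listener, no protection against an active intermediary, which is why end-to-end protection above the link layer is the recommended complement.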