Review of draft-harkins-owe-05

Lucy Yong <> Fri, 09 December 2016 17:17 UTC

Return-Path: <>
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 87E4C1298C5; Fri, 9 Dec 2016 09:17:05 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Lucy Yong <>
Subject: Review of draft-harkins-owe-05
X-Test-IDTracker: no
X-IETF-IDTracker: 6.39.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <>
Date: Fri, 09 Dec 2016 09:17:05 -0800
Archived-At: <>
X-Mailman-Version: 2.1.17
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 09 Dec 2016 17:17:05 -0000

Reviewer: Lucy Yong
Review result: Ready with Nits

The draft is nearly ready for the publication.
Minor comment: Suggest adding this in security considerations: OWE
provides encryption over the wireless medium, i.e., Wi-Fi without
authentication. Thus it does not provide security for end-to-end
traffic.  users should still use application level security such as
VPN for end-to-end security. In this case, use of OWE prevents VPN
authentication info. to be spoofed in open public Wi-Fi.
one question: Will a user notices if OWE is used or not?  This may be
important for some users. 

nit: r/encryption of the wireless medium/encryption over the wireless