IETF Logo Mail Archive

[KEYPROV] Review of draft-ietf-keyprov-portable-symmetric-key-container-02.txt

Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Wed, 28 November 2007 20:38 UTC

Return-path: <keyprov-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IxTgI-0004PO-9R; Wed, 28 Nov 2007 15:38:50 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IxTgH-0004Op-0Z for keyprov@ietf.org; Wed, 28 Nov 2007 15:38:49 -0500
Received: from mail.gmx.net ([213.165.64.20]) by chiedprmail1.ietf.org with smtp (Exim 4.43) id 1IxTgG-0006L8-19 for keyprov@ietf.org; Wed, 28 Nov 2007 15:38:48 -0500
Received: (qmail invoked by alias); 28 Nov 2007 20:38:46 -0000
Received: from p54984A75.dip.t-dialin.net (EHLO [192.168.1.5]) [84.152.74.117] by mail.gmx.net (mp021) with SMTP; 28 Nov 2007 21:38:46 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+gtFE5LaygrP3xQ+ZT7nTeEqg79cBMB/BvVUEbNA UaqH8ToXbNPEGw
Message-ID: <474DD1D5.1000403@gmx.net>
Date: Wed, 28 Nov 2007 21:38:45 +0100
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: keyprov@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 22bbb45ef41b733eb2d03ee71ece8243
Subject: [KEYPROV] Review of draft-ietf-keyprov-portable-symmetric-key-container-02.txt
X-BeenThere: keyprov@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Provisioning of Symmetric Keys \(keyprov\)" <keyprov.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/keyprov>
List-Post: <mailto:keyprov@ietf.org>
List-Help: <mailto:keyprov-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=subscribe>
Errors-To: keyprov-bounces@ietf.org

Hi all,

I read through draft-ietf-keyprov-portable-symmetric-key-container-02.txt.
I have a couple of comments.

* There are a couple of editorial issues but I will provide them to the 
authors offline.

* Structure of the document

I believe the structure and presentation of the document could be 
improved by re-arranging
sections and paragraphs it a bit.

Proposal for a modified ToC:

 o Introduction
 o Terminology
 o Use Cases
 o Requirements
 o Key Container
 
 [This is the part that is a bit tricky since you want to describe the 
data model in a way
  that the reader actually understands it. You would have to describe 
all attributes and
  elements in this section but the presentation style needs some 
discussion. ]
 
    o Introduction
      This section starts with the high-level overview of the structure 
of the key container.
      There is text to re-use already in Section 6 (and the 
corresponding figure as well.)
      This text would, for example, indicate  
       * what is the semantic if there are multiple <EncryptionMethod> 
elements within the <KeyContainer> element
       * what is the semantic if there are multiple <Device> elements 
within the <KeyContainer> element
      The text about the <KeyContainer> element is already in Section 6.4.1.
    o Device Element
      Text from Section 5.1 goes in here.
      The <DeviceId>, <Key> and <User> elements are child elements of 
the <device> element.
    o EncryptionMethod Element
      Text from Section 5.1.8 (and Section 6.1.7) goes in here.
    o DigestMethod Element
      Text from Section 5.1.9 (and Section 6.1.8) goes in here.
    o Signature Element
 o XML Schema
 o Security Considerations
 o IANA Considerations
 o References
      
 
 * Why is the <user> element a child element of the <device> element?
   Looking at the figure in Section 6 one would rather get the 
impression that the <user> element
   is a child element of the <KeyContainer> element that happens to have 
a relationship to the
   <device> element.
 * The <data> element is a bit strange. It is the attempt to map a TLV 
or AVP into XML.
   Here is an example (code snippet):

     <Data Name="COUNTER">
        <Value>AAAAAAAAAAA=</Value>
     </Data>

   Depending on the setting of the 'Name' attribute the value is 
interpreted in a different fashion.
   This is a somewhat strange usage of XML. Why don't you just define a 
new type that may contain
   different elements? This would also make the assignment of the data 
types a lot easier and
   would also offer extensibility in a nice fashion.
 * Section 7 contains two XML schemas. I would put them in two separate 
sub-sections since you
   may need to reference them separately in the IANA consideration section.
 * The IANA consideration section for the namespace registration and the 
schema registration is missing.
 * There are internationalization considerations when some of the fields 
are supposed to be processed
   by humans. Is this the case?
 * The Logo schema is pretty complex but it is not really well described 
in the document.
 * Section 5 and section 6 have a lot of overlap. The style is also 
somewhat different.
   Section 6 describes XML schema snippets. This is not good practice 
and not so helpful
   given that Section 7 lists the full schema anyway. It might be more 
helpful to provide
   more examples, if necessary.
   Some elements/attributes that are listed in Section 6 are not listed 
in Section 5 although
   it would be very useful (example: 'expiry').
 * There is no description of the examples. You don't need to put the 
examples in the appendix.
   It is fine to leave them in the main section since many readers are 
for sure going to look
   at the examples; if not only at the examples.
 * Section 5 has each element listed as (OPTIONAL) or (MANDATORY). This 
seems like a nice idea
   but was not done in a consistent fashion nor does it work well when 
you have dependencies to
   the occurrence of other elements/attributes/values.
 * XML element and XML attribute names are not used consistently in the 
same fashion.
 * With regard to the algorithm URIs there is no reference provided to 
Phillip's document.
   Don't you think that would be needed/useful?
 * What exactly is the <UserType> element used for?
 * References: You need to split the references into normative and 
informative references.
   At least the following references are hopefully informative -- 
otherwise we run into problems:
    - [CAP]
    - [OATH]
    - [OATHRefArch]
    - [OCRA]
    - [Schneier]
   Please double-check the other references.
   The reference style is also a bit strange (see, for example, the 
[DSKPP] reference).
   Are you using XML2RFC to edit the document?
   
Ciao
Hannes


_______________________________________________
KEYPROV mailing list
KEYPROV@ietf.org
https://www1.ietf.org/mailman/listinfo/keyprov

v2.23.0 | Report a Bug | By Email