[kitten] John Scudder's No Objection on draft-ietf-kitten-krb-spake-preauth-11: (with COMMENT)

John Scudder via Datatracker <noreply@ietf.org> Wed, 17 January 2024 16:41 UTC

From: John Scudder via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-kitten-krb-spake-preauth@ietf.org, kitten-chairs@ietf.org, kitten@ietf.org, Nicolas Williams <nico@cryptonector.com>, nico@cryptonector.com
Reply-To: John Scudder <jgs@juniper.net>
Message-ID: <170550971259.44795.14577927249974933402@ietfa.amsl.com>
Date: Wed, 17 Jan 2024 08:41:52 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/mVTJN4Y7xu5mo3FeHRrcWK3glRI>

John Scudder has entered the following ballot position for
draft-ietf-kitten-krb-spake-preauth-11: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-spake-preauth/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for this document. To the extent I was able to follow it as a decided
non-expert, I found it clear and readable. I have just a few small notes that I
hope may be helpful.

- Section 4.3 ends with the line,

   KEY_USAGE_SPAKE  65

  I understand this to be, that you're providing the reader with the
  IANA-assigned value. But without descriptive words around it, it's just
  puzzling and lacking in context. I think you could safely delete the line,
  since its information is included in Section 11 and in general it's
  desirable, in my experience, to have only a single source of truth for this
  kind of thing. Or otherwise, maybe you can work the information into the
  prose more smoothly.

- Although RFC 7322 section 4.8.6 provides shockingly little guidance about how
  to format your references, I still think you should try to do better than

   [SPAKE]    Abdalla, M. and D. Pointcheval, "Simple Password-Based
              Encrypted Key Exchange Protocols", February 2005.

  which omits some of the usual things like what publication it appeared in. A
  few seconds of searching took me to
  https://dl.acm.org/doi/10.1007/978-3-540-30574-3_14, so assuming that
  authoritative perhaps something like the information provided there would be
  suitable? ("CT-RSA'05: Proceedings of the 2005 international conference on
  Topics in Cryptology February 2005 Pages 191–208")

- You might want to consider your usage of "man-in-the-middle" in light of
  https://www.ietf.org/about/groups/iesg/statements/on-inclusive-language/.