[Last-Call] Genart last call review of draft-ietf-stir-cert-delegation-03

Ines Robles via Datatracker <noreply@ietf.org> Wed, 26 August 2020 21:30 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Ines Robles via Datatracker <noreply@ietf.org>
To: gen-art@ietf.org
Cc: last-call@ietf.org, stir@ietf.org, draft-ietf-stir-cert-delegation.all@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <159847741398.23291.8299604699001624244@ietfa.amsl.com>
Reply-To: Ines Robles <mariainesrobles@googlemail.com>
Date: Wed, 26 Aug 2020 14:30:14 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/CT1lxkzAyDA0bv00jOtYo7eP4_Q>
Subject: [Last-Call] Genart last call review of draft-ietf-stir-cert-delegation-03

Reviewer: Ines Robles
Review result: Ready with Issues

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-stir-cert-delegation-03
Reviewer: Ines Robles
Review Date: 2020-08-26
IETF LC End Date: 2020-08-26
IESG Telechat date: Not scheduled for a telechat

Summary:

This specification details how that authority can be delegated from a parent
certificate to a subordinate certificate. This supports a number of use cases
where callers want to use a particular calling number, but for whatever reason,
their outbound calls will not pass through the authentication service of the
service provider that controls that numbering resource, it includes also those
where service providers grant credentials to enterprises or other customers
capable of signing calls with Secure Telephone Identity Revisited (STIR).

I have some minor suggestions/questions to the authors.

Major issues: None

Minor issues:

1-Introduction Section:

"..., including various forms of robocalling, voicemail hacking, and
swatting..." --> should a reference to RFC7375 be added here?

2- It would be nice to add in Terminology section:

- delegation: the concept of delegation and its levels are defined in RFC8226.
- definition for "legitimate spoofing". I understand that the draft explain it
with an example.

3- It would be nice to add references to concepts, e.g. cA boolean --> cA
boolean [rfc5280#section-4.2.1.9]

"x5u" link -> "x5u" (X.509 URL) [RFC7515#section-4.1.5] link

4- Section 4: It would be nice to add graphics explaining the process.
E.g. can be used as a model the images displayed in
https://access.atis.org/apps/group_public/download.php/47134/IPNNI-2019-00043R000.pdf
or https://niccstandards.org.uk/wp-content/uploads/2019/03/ND1522V1.1.1.pdf

5- Section 5:"Authentication service behavior for delegate certificates is
little
changed from [RFC8224] STIR behavior" --> It is not clear to me what are the
little changes.

Additionally, how you quantify little/big changes?, maybe something like?:
"Authentication service behavior varies from STIR behavior [RFC8224] as
follows:...."

6- Section 8.1: Should the picture displayed in
https://www.ietf.org/proceedings/104/slides/slides-104-stir-certificate-delegation-00--Slide
5 be added here?

7- Security Consideration section: should a reference to RFC7375 be added here?

Nits/editorial comments:

8- Expand the first time: JWS -> JSON Web Signature (JWS)

Thank you for this document,

Ines.

[Last-Call] Genart last call review of draft-ietf… Ines Robles via Datatracker
Re: [Last-Call] [Gen-art] Genart last call review… Alissa Cooper
Re: [Last-Call] Genart last call review of draft-… Ines Robles
Re: [Last-Call] Genart last call review of draft-… Peterson, Jon