Re: [secdir] review of draft-ietf-hokey-arch-design-08
Glen Zorn <glenzorn@gmail.com> Tue, 22 November 2011 08:10 UTC
Return-Path: <glenzorn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AE6921F8557; Tue, 22 Nov 2011 00:10:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.449
X-Spam-Level:
X-Spam-Status: No, score=-3.449 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jhenNO0aObiI; Tue, 22 Nov 2011 00:10:51 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by ietfa.amsl.com (Postfix) with ESMTP id 46A8721F8551; Tue, 22 Nov 2011 00:10:51 -0800 (PST)
Received: by iaeo4 with SMTP id o4so10075599iae.31 for <multiple recipients>; Tue, 22 Nov 2011 00:10:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=dSwQEInK09dWGaLApAOWqRxkZeMqeOlU7uqgIFHjt+I=; b=sHZrgTSFlT5brjGz5rK4BfpJXVKGBzs5thgCuZ1e9KcmGk+wlbk+HVa75XTejkzyK+ LbRpv/vaTuGUhIMdMEEjfLXw9j1YfBUR66Iv3VOgn+ZmRZjbGJVc82pdnlgtl0xwN+2f hnYT4X7r+M3jGyHoevfzAvq1ijbiMcn16Eoz4=
Received: by 10.50.85.129 with SMTP id h1mr18513274igz.47.1321949450946; Tue, 22 Nov 2011 00:10:50 -0800 (PST)
Received: from [192.168.1.98] (ppp-171-96-13-213.revip8.asianet.co.th. [171.96.13.213]) by mx.google.com with ESMTPS id z10sm56859561ibv.9.2011.11.22.00.10.40 (version=SSLv3 cipher=OTHER); Tue, 22 Nov 2011 00:10:49 -0800 (PST)
Message-ID: <4ECB58FC.4030702@gmail.com>
Date: Tue, 22 Nov 2011 15:10:36 +0700
From: Glen Zorn <glenzorn@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: Ondřej Surý <ondrej.sury@nic.cz>
References: <13B04C3C-8B22-45CA-A9FE-356F44AE2E2E@nic.cz>
In-Reply-To: <13B04C3C-8B22-45CA-A9FE-356F44AE2E2E@nic.cz>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Cc: draft-ietf-hokey-arch-design.all@tools.ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] review of draft-ietf-hokey-arch-design-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2011 08:10:52 -0000
On 11/14/2011 5:01 PM, Ondřej Surý wrote:
> Hi,
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> I haven't been following HOKEY at all, so the comments are basically
> from innocent bystander who knows as much about EAP as needed to type
> the password for WiFi in the 802.1x (and is user of eduroam network).
>
> The HOKEY architectural document seems to be clearly written and can
> be understood even by me. It does not introduce neither any new protocol
> nor security issues and is just a summary of existing standards or I-Ds,
> so there are no security concerns in this particular document. Some
> security concerns are referenced to other RFCs (Section 7), but they
> are just #includes from other documents and not something new introduced
> by this document.
>
> One minor nit:
>
> - You suddenly start to use rRK and DSrRK in the tables (4 and 5) in section 5.
> It would help readability to explain somewhere what these abbreviations mean.
How's this:
2. Terminology
This document contains no normative language, hence [RFC2119]
language does not apply.
This document reuses terms defined in Section 2.2 of Ohba, et al.
[RFC5836] and Section 2 of Wu, et al. [I-D.ietf-hokey-rfc5296bis].
In addition, it defines the following:
DSrRK
Domain-Specific reauthentication Root Key.
...