[secdir] secdir review of draft-ietf-nea-pt-eap-06

Leif Johansson <leifj@sunet.se> Mon, 07 January 2013 12:43 UTC

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This document describes a posture transport protocol for EAP tunnel

I found the document clearly written and easy to follow.

The only suggestion I have is that in section 3.4 (or 4.2.5) on the Asokan
Attack the document should clearly state that the verification of the
token MUST be performed before any other attestations are evaluated.

        Cheers Leif