[secdir] Review of draft-ietf-emu-eaptunnel-req-08

Russ Mundy <mundy@sparta.com> Thu, 02 December 2010 00:26 UTC

Return-Path: <mundy@sparta.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EBA413A6830; Wed, 1 Dec 2010 16:26:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZpPT8JyhBKrx; Wed, 1 Dec 2010 16:26:52 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by core3.amsl.com (Postfix) with ESMTP id B60723A6812; Wed, 1 Dec 2010 16:26:51 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id oB20S38W014701; Wed, 1 Dec 2010 18:28:03 -0600
Received: from mailbin2.ads.sparta.com (mailbin.sparta.com [157.185.85.6]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id oB20S37u006880; Wed, 1 Dec 2010 18:28:03 -0600
Received: from socks1.tislabs.com ([192.94.214.32]) by mailbin2.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Wed, 1 Dec 2010 19:28:03 -0500
From: Russ Mundy <mundy@sparta.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Wed, 1 Dec 2010 19:28:02 -0500
Message-Id: <74C2196A-9DEA-40FF-860B-BDD47857F1CE@sparta.com>
To: secdir@ietf.org
Mime-Version: 1.0 (Apple Message framework v1082)
X-Mailer: Apple Mail (2.1082)
X-OriginalArrivalTime: 02 Dec 2010 00:28:03.0275 (UTC) FILETIME=[C81FA1B0:01CB91B7]
Cc: draft-ietf-emu-eaptunnel-req.all@tools.ietf.org, iesg@ietf.org, Russ Mundy <mundy@sparta.com>
Subject: [secdir] Review of draft-ietf-emu-eaptunnel-req-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Dec 2010 00:26:55 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors. Document editors and WG chairs should treat 
these comments just like any other last call comments.

I need to start my comments by saying that I do not have a background
in the details EAP, tunnels and TLS so I approached the document
review as someone who was a potential designer of a solution that the
document might provide.  The broad problem that I encountered with the
document is that it is unclear how it relates to other EAP, TLS and
other tunnel specifications.  Since there are essentially no
illustrations or text describing the various parts and how they are
related nor was I able to locate any other document providing
architectural descriptions, my conclusion is that the document seems
to be for people that already are very familiar with other
specifications/documents related to the multiple technology pieces
described in the document.  In short, there is not sufficient
architectural context for the document to be widely useful.

- Publication of the current document (without the architectural
  context) might provide some value to the Internet community
  but I would recommend that the IESG sees that more architectural
  context gets put in some document in the near future. Without such
  architectural direction, documents such as this one will not be used
  as expected either because they won't be found or won't be understood.


A couple of more specific comments:

- In section 2., the redifinition of MUST, MUST NOT, SHOULD, SHOULD
  NOT, and MAY for _this_ document does not seem appropriate.  The
  document should use the standard definitions for these terms or find
  different words for the definitions (conventions).

- Section 4.4 has a normative reference to an I-D which expired in May
  of 2009.  This needs to be corrected prior to publications.


Russ Mundy