Re: [secdir] SECDIR review of draft-ietf-hokey-key-mgm

"Glen Zorn" <glenzorn@comcast.net> Mon, 10 August 2009 17:29 UTC

From: Glen Zorn <glenzorn@comcast.net>
To: 'Kurt Zeilenga' <Kurt.Zeilenga@Isode.com>, secdir@ietf.org, iesg@ietf.org
References: <369289D9-6E39-4673-B50E-0090BBBB6EB2@Isode.com>
In-Reply-To: <369289D9-6E39-4673-B50E-0090BBBB6EB2@Isode.com>
Date: Mon, 10 Aug 2009 10:29:24 -0700
Message-ID: <00bf01ca19e0$1b703e70$5250bb50$@net>
Cc: draft-ietf-hokey-key-mgm@tools.ietf.org
Subject: Re: [secdir] SECDIR review of draft-ietf-hokey-key-mgm

Kurt Zeilenga [mailto://Kurt.Zeilenga@Isode.com] writes:

...

> The security consideration starts by saying:
>     This section provides security requirements and an analysis on
> transporting EAP keying material using an AAA protocol.
> While 6.1 appears to provide the former, 6.2 (the remaining section)
> seems to discuss a particular concern in transporting EAP keying
> material in an APP protocol.  

No.  AFAIK, the only existing protocols in which EAP key transport takes
place are AAA.

> That is, the "analysis" appears to be
> limited to a particular concern.  

What's with the double quotes?

> Is this the only concern?

I would assume so; does that need to be spelled out?

> I would like to see the Security Consideration section to incorporate
> by informative references general discussions of security
> considerations for key technologies (e.g., EAP).

Why?  The EAP (or ERP) authentication is by definition complete by the time
any keys are exported by the EAP method, so it's hard to see how those
considerations are relevant.

> Beyond this, I'm afraid I do not have sufficient experience in the key
> technologies to be able to determine if security considerations are
> well covered or not.
> Regards, Kurt