[secdir] Secdir last call review of draft-ietf-stir-oob-05
Watson Ladd via Datatracker <noreply@ietf.org> Fri, 06 September 2019 04:42 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 88A301208A1; Thu, 5 Sep 2019 21:42:57 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Watson Ladd via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-stir-oob.all@ietf.org, ietf@ietf.org, stir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.100.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Watson Ladd <watsonbladd@gmail.com>
Message-ID: <156774497737.24303.11133605098244175595@ietfa.amsl.com>
Date: Thu, 05 Sep 2019 21:42:57 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Yh2ZpMcRa-BsWMrIOBYWOOYQVUM>
Subject: [secdir] Secdir last call review of draft-ietf-stir-oob-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2019 04:42:58 -0000
Reviewer: Watson Ladd Review result: Has Nits Dear Interested People, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Has Nits. One nit typographical: the sentence at the bottom of page 9 and top of page 10 beginning "PASSporTs will be encrypted with an" made more sense after I changed "signed with" to "encrypted with". Two nits cryptographical: Blind signatures are one approach: VOPRFS are another, more efficient approach. The next nit that the property of hiding the recipient of a public key encrypted message isn't a part of some of the standard security notions. This means the scheme for encrypting needs to be carefully chosen to make messages look indistinguishable from random when encrypted (the exact notion is a bit weaker, but that will do). Overall I found this draft a cogent discussion of the issues associated with possible out of band architectures for STIR discovery. Sincerely, Watson Ladd
- [secdir] Secdir last call review of draft-ietf-st… Watson Ladd via Datatracker