[secdir] review of draft-ietf-hokey-arch-design-08
Ondřej Surý <ondrej.sury@nic.cz> Mon, 14 November 2011 10:03 UTC
Return-Path: <ondrej.sury@nic.cz>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D10D621F8E4D; Mon, 14 Nov 2011 02:03:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mfb6oNRcR9kO; Mon, 14 Nov 2011 02:03:40 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) by ietfa.amsl.com (Postfix) with ESMTP id 7628D21F8B9E; Mon, 14 Nov 2011 02:01:32 -0800 (PST)
Received: from [IPv6:2001:df8::96:cdfb:283e:c8fa:7331] (unknown [IPv6:2001:df8:0:96:cdfb:283e:c8fa:7331]) by mail.nic.cz (Postfix) with ESMTPSA id B610A2A2F20; Mon, 14 Nov 2011 11:01:27 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nic.cz; s=default; t=1321264888; bh=cuhhVhoGh1o6gZte4lNfz8Oy6f7sf+AL8vJaDi+njCU=; h=From:Content-Type:Content-Transfer-Encoding:Subject:Date: Message-Id:Cc:To:Mime-Version; b=cZwd8fliXAHzMK4zq4mwLyFd4K89wPhTs8cLMDYm40QZR549uuRg+uNAQq8m0Ldce 2r5XxEpH93zuq3R8yC+zDKh3BPJEYwpO0DL7gY4XTGi2hgRz/qwYH4j1GdNTJ59Ro8 h26TFoqVPyA4gW80Q4vr1dyDKsvYgibVo+Qj6ix0=
From: Ondřej Surý <ondrej.sury@nic.cz>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 14 Nov 2011 18:01:23 +0800
Message-Id: <13B04C3C-8B22-45CA-A9FE-356F44AE2E2E@nic.cz>
To: secdir@ietf.org, The IESG <iesg@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1251.1)
X-Mailer: Apple Mail (2.1251.1)
X-Virus-Scanned: clamav-milter 0.96.5 at mail
X-Virus-Status: Clean
Cc: draft-ietf-hokey-arch-design.all@tools.ietf.org
Subject: [secdir] review of draft-ietf-hokey-arch-design-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2011 10:03:46 -0000
Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. I haven't been following HOKEY at all, so the comments are basically from innocent bystander who knows as much about EAP as needed to type the password for WiFi in the 802.1x (and is user of eduroam network). The HOKEY architectural document seems to be clearly written and can be understood even by me. It does not introduce neither any new protocol nor security issues and is just a summary of existing standards or I-Ds, so there are no security concerns in this particular document. Some security concerns are referenced to other RFCs (Section 7), but they are just #includes from other documents and not something new introduced by this document. One minor nit: - You suddenly start to use rRK and DSrRK in the tables (4 and 5) in section 5. It would help readability to explain somewhere what these abbreviations mean. O. -- Ondřej Surý vedoucí výzkumu/Head of R&D department ------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Americka 23, 120 00 Praha 2, Czech Republic mailto:ondrej.sury@nic.cz http://nic.cz/ tel:+420.222745110 fax:+420.222745112 -------------------------------------------