[secdir] review of draft-ietf-hokey-arch-design-08

Ondřej Surý <ondrej.sury@nic.cz> Mon, 14 November 2011 10:03 UTC

Return-Path: <ondrej.sury@nic.cz>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id D10D621F8E4D; Mon, 14 Nov 2011 02:03:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id mfb6oNRcR9kO; Mon, 14 Nov 2011 02:03:40 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) by ietfa.amsl.com (Postfix) with ESMTP id 7628D21F8B9E; Mon, 14 Nov 2011 02:01:32 -0800 (PST)
Received: from [IPv6:2001:df8::96:cdfb:283e:c8fa:7331] (unknown [IPv6:2001:df8:0:96:cdfb:283e:c8fa:7331]) by mail.nic.cz (Postfix) with ESMTPSA id B610A2A2F20; Mon, 14 Nov 2011 11:01:27 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nic.cz; s=default; t=1321264888; bh=cuhhVhoGh1o6gZte4lNfz8Oy6f7sf+AL8vJaDi+njCU=; h=From:Content-Type:Content-Transfer-Encoding:Subject:Date: Message-Id:Cc:To:Mime-Version; b=cZwd8fliXAHzMK4zq4mwLyFd4K89wPhTs8cLMDYm40QZR549uuRg+uNAQq8m0Ldce 2r5XxEpH93zuq3R8yC+zDKh3BPJEYwpO0DL7gY4XTGi2hgRz/qwYH4j1GdNTJ59Ro8 h26TFoqVPyA4gW80Q4vr1dyDKsvYgibVo+Qj6ix0=
From: =?utf-8?Q?Ond=C5=99ej_Sur=C3=BD?= <ondrej.sury@nic.cz>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Date: Mon, 14 Nov 2011 18:01:23 +0800
Message-Id: <13B04C3C-8B22-45CA-A9FE-356F44AE2E2E@nic.cz>
To: secdir@ietf.org, The IESG <iesg@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1251.1)
X-Mailer: Apple Mail (2.1251.1)
X-Virus-Scanned: clamav-milter 0.96.5 at mail
X-Virus-Status: Clean
Cc: draft-ietf-hokey-arch-design.all@tools.ietf.org
Subject: [secdir] review of draft-ietf-hokey-arch-design-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2011 10:03:46 -0000


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I haven't been following HOKEY at all, so the comments are basically
from innocent bystander who knows as much about EAP as needed to type
the password for WiFi in the 802.1x (and is user of eduroam network).

The HOKEY architectural document seems to be clearly written and can
be understood even by me.  It does not introduce neither any new protocol
nor security issues and is just a summary of existing standards or I-Ds,
so there are no security concerns in this particular document.  Some
security concerns are referenced to other RFCs (Section 7), but they
are just #includes from other documents and not something new introduced
by this document.

One minor nit:

- You suddenly start to use rRK and DSrRK in the tables (4 and 5) in section 5.
It would help readability to explain somewhere what these abbreviations mean.

 Ondřej Surý
 vedoucí výzkumu/Head of R&D department
 CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
 Americka 23, 120 00 Praha 2, Czech Republic
 mailto:ondrej.sury@nic.cz    http://nic.cz/
 tel:+420.222745110       fax:+420.222745112