[secdir] Secdir last call review of draft-ietf-stir-enhance-rfc8226-04
Phillip Hallam-Baker via Datatracker <noreply@ietf.org> Wed, 30 June 2021 16:37 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C44CB3A2266; Wed, 30 Jun 2021 09:37:32 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Phillip Hallam-Baker via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-stir-enhance-rfc8226.all@ietf.org, last-call@ietf.org, stir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.33.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <162507105275.13238.11164075795882105631@ietfa.amsl.com>
Reply-To: Phillip Hallam-Baker <hallam@gmail.com>
Date: Wed, 30 Jun 2021 09:37:32 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/hzZ3FmvvW0OMhUYCRgdhrPsny-4>
Subject: [secdir] Secdir last call review of draft-ietf-stir-enhance-rfc8226-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2021 16:37:33 -0000
Reviewer: Phillip Hallam-Baker Review result: Ready This document presents an extension to the JWT Claim Constraints capabilities described in RFC 8226. The changes proposed do not substantially change the security model of the original, they merely provide additional expressive power. This document is part of an effort to establish a post-facto security infrastructure for the legacy telephone system which predates any security technology that could have been used to secure it. As such the principal source of insecurity is going to be in the quality of the data being used to make security assertions rather than the expressive power of the assertions themselves.
- [secdir] Secdir last call review of draft-ietf-st… Phillip Hallam-Baker via Datatracker