Re: [secdir] SECDIR review of draft-ietf-hokey-key-mgm

Kurt Zeilenga <Kurt.Zeilenga@Isode.com> Tue, 11 August 2009 01:35 UTC

Return-Path: <Kurt.Zeilenga@Isode.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 153D23A6B47; Mon, 10 Aug 2009 18:35:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.408
X-Spam-Level:
X-Spam-Status: No, score=-2.408 tagged_above=-999 required=5 tests=[AWL=0.191, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2ld0Yms0V0jK; Mon, 10 Aug 2009 18:35:31 -0700 (PDT)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id CC8923A6C35; Mon, 10 Aug 2009 18:35:30 -0700 (PDT)
Received: from [192.168.1.102] ((unknown) [75.141.233.128]) by rufus.isode.com (submission channel) via TCP with ESMTPSA id <SoDK3wB9YQdr@rufus.isode.com>; Tue, 11 Aug 2009 02:35:32 +0100
X-SMTP-Protocol-Errors: NORDNS
Message-Id: <96E918F7-9D6D-4985-841E-5C170C7CF9F4@Isode.com>
From: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
To: Glen Zorn <glenzorn@comcast.net>
In-Reply-To: <004f01ca1a22$56af4de0$040de9a0$@net>
Date: Mon, 10 Aug 2009 18:35:23 -0700
References: <369289D9-6E39-4673-B50E-0090BBBB6EB2@Isode.com> <00bf01ca19e0$1b703e70$5250bb50$@net> <B1002512-9406-4681-965C-17A7C189DF98@Isode.com> <004f01ca1a22$56af4de0$040de9a0$@net>
X-Mailer: Apple Mail (2.936)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Cc: gwz@net-zen.net, draft-ietf-hokey-key-mgm@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] SECDIR review of draft-ietf-hokey-key-mgm
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2009 01:35:32 -0000

On Aug 10, 2009, at 6:23 PM, Glen Zorn wrote:

> Kurt Zeilenga [mailto:Kurt.Zeilenga@Isode.com] writes:
>
>> On Aug 10, 2009, at 10:29 AM, Glen Zorn wrote:
>>
>>> Kurt Zeilenga [mailto://Kurt.Zeilenga@Isode.com] writes:
>>>
>>> ...
>>>
>>>> The security consideration starts by saying:
>>>>   This section provides security requirements and an analysis on
>>>> transporting EAP keying material using an AAA protocol.
>>>> While 6.1 appears to provide the former, 6.2 (the remaining  
>>>> section)
>>>> seems to discuss a particular concern in transporting EAP keying
>>>> material in an APP protocol.
>>>
>>> No.  AFAIK, the only existing protocols in which EAP key transport
>>> take
>>> place are AAA.
>>
>> My point that Section 6 description of what section 6.2 provides  
>> seems
>> not equate (to me) to what 6.2 actually provides.  6.2 seems to
>> discuss a particular issue in "transporting EAP keying material using
>> an AAA protocol" as opposed to a more comprehensive "analysis on
>> transporting EAP keying material using an AAA protocol".
>
> OK.  Can you be a little more specific about what needs to be changed?

The following change would align the text of 6 with the content of its  
two subsections:

OLD:
This section provides security requirements and an analysis on  
transporting EAP keying material using an AAA protocol.
NEW:

This section provides security requirements and a discussion of  
distributing RK without peer consent.

-- Kurt