IETF Logo Mail Archive

[secdir] SECDIR Reveiw of draft-ietf-hip-dex-11

Donald Eastlake <d3e3e3@gmail.com> Tue, 21 January 2020 04:19 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2D62120045; Mon, 20 Jan 2020 20:19:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZQ4_TuMaiRPL; Mon, 20 Jan 2020 20:19:01 -0800 (PST)
Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B87FE120046; Mon, 20 Jan 2020 20:19:01 -0800 (PST)
Received: by mail-il1-x12b.google.com with SMTP id p8so1255207iln.12; Mon, 20 Jan 2020 20:19:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=V1dZ95E0F0+F/jy8JuNnqCzkNL1MgTwFpMCWNpajiR4=; b=hgZsGzx7BZzgEonI6PjCs5GwqTS3PZRg+UAfQkIpXvtuMjsdPxojhuJ4jc+V7jbloH i30qeImADOfzjjQ/88XR1q1ix51C29DZZMzLj1HJuucWPTAU9MksX3YyGTPE94pomr2H TdRMLIMTHmFaApSgFY47m27SU3f8mCP//KETu41zrB3OLk7hc93xsleC4pfSwnSh5EMP dlGPQKhGDOQuzfLLntV2070LGNge2/H+VdRLCijA0YBOeb7wSKrclGFkG9DXH3Xr8UiU 9ITyhTUYFFbADtjYlKTqftkp810+tGEIPBxAbWSpFM4O1qZy7rX8fbboy7g6lWvEdHgn RctA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=V1dZ95E0F0+F/jy8JuNnqCzkNL1MgTwFpMCWNpajiR4=; b=JUAR4r2UMPoYJbcT+OjOWhyYK3PemepgT6HUhESKM+B5eSABP9VI7TtmK01ial0EAB nOsqRjlf+I0RVp/sTxMEmdE2+NgusSVUtu55hpXilVSDXNueboTYGw10UUexq8KK4bCw U3wxln75n919HD4FgqGvhWwJJk/+brz0ASz3tOIBS4Uf5MuXNJhIbZWae3VaUeGHaFtN U+In1Km4OcxXuhEZPk/E3kpHwAAiSzaW5gYh2E43N4A01AKFyrQMbcsyKwl5EPCWjnpu xxwaYfSuyemXaRx09lSL7Lf8oLxq29aD5KoPAE8aJsTqv7p1Rjg7oYOb7fPiiVvPzAZp E7TQ==
X-Gm-Message-State: APjAAAUVVa3JU0dYFj/7rWzjou8i/R948fgsvJnCF/F7OydyrsFAsjyL ZtKxsol65g2FeXgta8oGJN+T0Qop0oe7qf5zG/5U4wQ2
X-Google-Smtp-Source: APXvYqyiej58jiTYrHcH0PcSiJKBZd02MOatLTV5Y44wBuF1cY1B+tPYjAVTYdAf9uG3UHwvI/y4B8rcpNuxysccl5E=
X-Received: by 2002:a92:cd52:: with SMTP id v18mr2143634ilq.83.1579580340655; Mon, 20 Jan 2020 20:19:00 -0800 (PST)
MIME-Version: 1.0
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Mon, 20 Jan 2020 23:18:49 -0500
Message-ID: <CAF4+nEH=x4Lggm+mmr2aFz9eEy6ajWK9upJE7BQk60p6xLDBxw@mail.gmail.com>
To: draft-ietf-hip-dex.all@ietf.org
Cc: "iesg@ietf.org" <iesg@ietf.org>, secdir <secdir@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/lLsgqmAoTKwpGa22q__vZ_LBO3U>
Subject: [secdir] SECDIR Reveiw of draft-ietf-hip-dex-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2020 04:19:03 -0000

I have reviewed this document as (a very late) part of the security
directorate's ongoing effort to review all IETF documents being
processed by the IESG.

The summary of the review is Ready with Nits.

Sorry to get this review in so late but, while approved by the IESG,
the draft is still in revised draft needed state so this may do some
good. On the security front, although the draft is pretty complex and
I am not that familiar with HIP, I did not see any significant
security issues that were not already called out in the draft. So I
concentrated on possible editorial issues.

Editorial:

Section 1.1, 3rd paragraph, page 5. Delete "However," a the beginning
of the 2nd sentence. It doesn't make sense.

Section 2.3, Definitions should be in alphabetic order.

Section 2.3: It seems to me that people who are puzzled about what
something means are most likely to be puzzled by the acronym. So I
would put the acronym first, where there is an acronym or acronym-like
term to use, then the expansion in parenthesis or in the body of the
definition. This done for a couple of entries like CMAC and CKDF but
most are the other way.

Section 3 last paragraph and Section 12.10 5th bullet: "to use" -> "use of"

I think OGA  and KEYMAT should be in the Definitions list and KEYMAT,
which I assume just is short for "keying material", should be expanded
on first use in Section 6.3. Alternatively, you could just replace all
occurrences of KEYMAT with "Keying Material".

Section 5.3.2, page 23. The first sentence of the first paragraph
starting on that page has problems. Maybe "chose" should be "choses"
but I'm not sure:
  "The DH_GROUP_LIST parameter contains the Responder's order of
   preference based on which the Responder chose the ECDH key contained
   in the HOST_ID parameter (see below)."

Appendix A, first sentence, "allows to identify" -> "allows identifying"

Appendix B, "IEDG" -> "IESG"

Appendix B, around the middle of page 51, right after the line
beginning with "Section 6," there are three line with a blank line
before and after. I found this confusing at first. I suggest those
three line also be indented.

Appendix B, page 52, "SHOUDS" -> "SHOUDs"

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com

v2.23.0 | Report a Bug | By Email