[secdir] Review of draft-harkins-owe-05

Matthew Miller <linuxwolf+ietf@outer-planes.net> Mon, 06 March 2017 16:39 UTC


Reviewer: Matthew Miller
Review result: Has Nits

[ re-posting old review to get it onto the mailing list archives; some
bugs prevented it the first time ]

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Document: draft-harkins-owe-05
Reviewer: Matthew A. Miller
Review Date: 2016-01-13
IETF LC End Date: 2016-01-13
IESG Telechat date: N/A

Summary:

This document describes an extension to 802.11 to perform
opportunistic unauthenticated encryption of wireless connections.

This document is ready, but has nits that ought to be addressed
before publication.

Major issues: NONE

Minor issues:

In Section 4.3 "OWE Association", the fifth paragraph states that a
client "MUST include a Diffie-Hellman Parameter element ...", yet
further in the same paragraph it states that if PMK Caching is
not performed, then the same element MUST be included.  This seems
redundant, or that there are cases where OWE can be used but the
Diffie-Hellman Parameter element is not required.

This might be more obvious to one that has read the 802.11 suite
(which I admittedly have not), but I think it would be beneficial if
this document could better clarify when the Diffie-Hellman Element
parameter is needed.  For instance, if it is always expected to be
present whenever OWE is desired, then removing the following
sentence would help:

    """
    If "PMK caching" (see Section 4.5) is not performed, it MUST also
    include a Diffie-Hellman Parameter element.
    """

Nits/editorial comments:

* Throughout, the spacing of "--" is consistent, but not expected;
there is never a leading space but there is always a trailing space.

* In Section 3. "802.11 Network Access", a quote is missing after
Open Authentication.