[secdir] Secdir last call review of draft-ietf-lamps-rfc6844bis-06

Stefan Santesson via Datatracker <noreply@ietf.org> Thu, 30 May 2019 00:37 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0108112010F; Wed, 29 May 2019 17:37:47 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stefan Santesson via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: spasm@ietf.org, ietf@ietf.org, draft-ietf-lamps-rfc6844bis.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.97.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Stefan Santesson <stefan@aaa-sec.com>
Message-ID: <155917666691.9144.10382733252232760132@ietfa.amsl.com>
Date: Wed, 29 May 2019 17:37:46 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/yaK6za7pztDjnztZfeAkOYiGBp8>
Subject: [secdir] Secdir last call review of draft-ietf-lamps-rfc6844bis-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2019 00:37:47 -0000

Reviewer: Stefan Santesson
Review result: Ready

This document is well written and in general I do not have any comment on the
content beyond the previous reviews.

One thing do come to my mind though.
A common aspect of standards documents is that they only are relevant to those
who declare compliance to the standard. This document is different as it relies
on that all parties (CA:s) are aware of this standard and performs the
stipulated checks.

In the end I assume that this may affect relying parties and how they determine
wether a particular certificate is valid, even if that is not the intention of
this standard. I sort of miss a discussion on this in the security
considerations section.

But that is nothing that should prevent this document from being accepted.