Last Call Review of draft-harkins-owe-05
review-harkins-owe-05-secdir-lc-miller-2017-01-13-01

Request Review of draft-harkins-owe
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-01-13
Requested 2016-12-05
Authors Dan Harkins, Warren Kumari
Draft last updated 2017-03-06
Completed reviews Genart Last Call review of -05 by Lucy Yong
Secdir Last Call review of -05 by Matthew Miller
Opsdir Last Call review of -05 by Mahesh Jethanandani
Opsdir Telechat review of -06 by Will LIU
Assignment Reviewer Matthew Miller
State Completed
Review review-harkins-owe-05-secdir-lc-miller-2017-01-13
Reviewed rev. 05 (document currently at 07)
Review result Has Nits
Review completed: 2017-03-06

Review
review-harkins-owe-05-secdir-lc-miller-2017-01-13

[ re-posting old review to get it onto the mailing list archives; some bugs prevented it the first time ]

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Document: draft-harkins-owe-05
Reviewer: Matthew A. Miller
Review Date: 2016-01-13
IETF LC End Date: 2016-01-13
IESG Telechat date: N/A

Summary:

This document describes an extension to 802.11 to perform
opportunistic unauthenticated encryption of wireless connections.

This document is ready, but has nits that ought to be addressed
before publication.

Major issues: NONE

Minor issues:

In Section 4.3 "OWE Association", the fifth paragraph states that a
client "MUST include a Diffie-Hellman Parameter element ...", yet
further in the same paragraph it states that if PMK Caching is
not performed, then the same element MUST be included.  This seems
redundant, or that there are cases where OWE can be used but the
Diffie-Hellman Parameter element is not required.

This might be more obvious to one that has read the 802.11 suite
(which I admittedly have not), but I think it would be beneficial if
this document could better clarify when the Diffie-Hellman Element
parameter is needed.  For instance, if it is always expected to be
present whenever OWE is desired, then removing the following
sentence would help:

    """
    If "PMK caching" (see Section 4.5) is not performed, it MUST also
    include a Diffie-Hellman Parameter element.
    """

Nits/editorial comments:

* Throughout, the spacing of "--" is consistent, but not expected;
there is never a leading space but there is always a trailing space.

* In Section 3. "802.11 Network Access", a quote is missing after
Open Authentication.