Last Call Review of draft-harkins-owe-05
review-harkins-owe-05-secdir-lc-miller-2017-01-13-01

[ re-posting old review to get it onto the mailing list archives; some bugs
prevented it the first time ]

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Document: draft-harkins-owe-05
Reviewer: Matthew A. Miller
Review Date: 2016-01-13
IETF LC End Date: 2016-01-13
IESG Telechat date: N/A

Summary:

This document describes an extension to 802.11 to perform
opportunistic unauthenticated encryption of wireless connections.

This document is ready, but has nits that ought to be addressed
before publication.

Major issues: NONE

Minor issues:

In Section 4.3 "OWE Association", the fifth paragraph states that a
client "MUST include a Diffie-Hellman Parameter element ...", yet
further in the the same paragraph it states that if PMK Caching is
not performed, then the same element MUST be included.  This seems
redundant, or that there are cases where OWE can be used but the
Diffie-Hellman Parameter element is not required.

This might be more obvious to one that has read the 802.11 suite
(which I admittedly have not), but I think it would be beneficial if
this document could better clarify when the Diffie-Hellman Element
parameter is needed.  For instance, if it is always expected to be
present whenever OWE is desired, then removing the following
sentence would help:

    """
    If "PMK caching" (see Section 4.5) is not performed, it MUST also
    include a Diffie-Hellman Parameter element.
    """

Nits/editorial comments:

* Throughout, the spacing of "--" is consistent, but not expected;
there is never a leading space but there is always a trailing space.

* In Section 3. "802.11 Network Access", a quote is missing after
Open Authentication.