Telechat Review of draft-harkins-owe-06

Request Review of draft-harkins-owe
Requested revision No specific revision (document currently at 07)
Type Telechat Review
Team Ops Directorate (opsdir)
Deadline 2017-01-31
Requested 2017-01-23
Authors Dan Harkins, Warren "Ace" Kumari
Draft last updated 2017-02-06
Completed reviews Genart Last Call review of -05 by Lucy Yong (diff)
Secdir Last Call review of -05 by Matthew A. Miller (diff)
Opsdir Last Call review of -05 by Mahesh Jethanandani (diff)
Opsdir Telechat review of -06 by Will (Shucheng) LIU (diff)
Assignment Reviewer Will (Shucheng) LIU
State Completed
Review review-harkins-owe-06-opsdir-telechat-liu-2017-02-06
Reviewed revision 06 (document currently at 07)
Result Has Nits
Completed 2017-02-06
(testing. first time using the new website tool)

Hi all,

Sorry for being late due to vacation. Here is my review.

I have reviewed draft-harkins-owe-06 as part of the Operational directorate's
ongoing effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts. Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

“This memo specifies an extension to IEEE Std 802.11 to provide for
   opportunistic (unauthenticated) encryption to the wireless media.”

My overall view of the document is 'Ready with nits' for publication.

Some small ones:

**** Technical ****

* Section 1, page 1:

>       Opportunistic Wireless Encryption

“Opportunistic” is an odd word in this context; the common English definition is
“to do at every opportunity”, i.e. “whenever you can”. If this is the 6th draft
it may be understood, but it will raise questions about when to apply it and when
not to apply it.

* Section 1.3, page 3:
>       As the name implies, OWE provides opportunistic encryption, or
>       encryption of traffic without authentication of endpoints.  OWE was
>       presented to the IEEE 802.11 Working Group for consideration but an
>       "all or nothing" approach to cryptographic protection has been
>       adopted by that body, and OWE is a stop in between "all" and
>       "nothing".

Here it explains that the opportunity is defined by unauthenticated endpoints; this may
define the title better, but could lead to claims that, once hacked, synthetic or
hidden data is offered for the hacker's benefit.

* Section 2, page 4:
Seems to contradict the sentence in 1.3, implying the AP is trusted at least by
SSID. Clause 1.3 appears not to be totally correct.

* Section 3, page 5:
This section makes sense to me but confirms it is not totally opportunistic, as
it is only applied when the SSID and BSSID are confirmed and either open (not
encrypted) or not fully trusted (or the encryption may be known). Seems to
contradict the sentence in 1.3. Clause 1.3 appears to need to say a bit more, if
only to ask the reader to read sections 2 & 3.

The technical details seem correct; it may protect against hacker eavesdropping.

This does not protect against AP spoofing or piggy-in-the-middle attacks. It
makes authorized eavesdropping harder. So once the AP is copied it may be
harder to find the culprit. A good business should change the public SSID
regularly or employ layer 3 end-to-end encryption.

**** Editorial ****

* Section 4.4, page 8:

* Section 7, page 10: