Last Call Review of draft-ietf-dime-e2e-sec-req-04
review-ietf-dime-e2e-sec-req-04-secdir-lc-perlman-2016-05-19-00
| Request | Review of | draft-ietf-dime-e2e-sec-req |
|---|---|---|
| Requested revision | No specific revision (document currently at 05) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2016-05-12 | |
| Requested | 2016-05-05 | |
| Authors | Hannes Tschofenig , Jouni Korhonen , Glen Zorn , Kervin Pillay | |
| I-D last updated | 2016-05-19 | |
| Completed reviews |
Genart Last Call review of -04
by Christer Holmberg
(diff)
Secdir Last Call review of -04 by Radia Perlman (diff) Opsdir Last Call review of -04 by Qin Wu (diff) |
|
| Assignment | Reviewer | Radia Perlman |
| State | Completed | |
| Request | Last Call review on draft-ietf-dime-e2e-sec-req by Security Area Directorate Assigned | |
| Reviewed revision | 04 (document currently at 05) | |
| Result | Has issues | |
| Completed | 2016-05-19 |
review-ietf-dime-e2e-sec-req-04-secdir-lc-perlman-2016-05-19-00
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
The document is readable, though a pass through for simple grammar would be
helpful. However, a more important editorial comment is that AVP should be
defined under terminology and not wait until section 3 to expand the acronym.
-----------
Some things are confusing to me. For instance,
Requirement #7: The solution MUST support symmetric keys and
asymmetric keys.
Motivation: Symmetric and asymmetric cryptographic algorithms
provide different security services. Asymmetric algorithms,
for example, allow non-repudiation services to be offered.
I'm not sure what the motivation was for putting this in. Why would diameter
need nonrepudiation? And if it's using asymmetric, because it wants
nonrepudiation, why would it also need symmetric keys? Indeed, usually
protocols that use asymmetric keys also use symmetric. Or is it saying that
preshared secret keys, or Kerberos must be supported even if a public key
scheme is fully deployed? Why would that be?
--------
I found this sentence confusing:
As an example, consider the Diameter EAP
application [4] that allows the transport of keying material
between the Diameter server to the Diameter client (using the EAP-
Master-Session-Key AVP) for the protection of air interface
between the end device and the network access server.
What is "air interface"? Do you mean the wireless link? Is the "diameter
client" the same as the "end device"? What is the "network access server"?
None of these things are in the diagram.
------------
Also,
{AVP}k refers to an AVP that
experiences security protection (using key "k") without further
distinguishing between integrity and confidentiality protection.
I think it's a good idea to have different notation for confidentiality and
integrity, because sometimes things need one, and sometimes they need both.
---------
Radia