Skip to main content

Last Call Review of draft-ietf-emu-aka-pfs-10
review-ietf-emu-aka-pfs-10-genart-lc-dunbar-2023-03-12-00

Request Review of draft-ietf-emu-aka-pfs
Requested revision No specific revision (document currently at 12)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2023-03-13
Requested 2023-02-27
Authors Jari Arkko , Karl Norrman , John Preuß Mattsson
I-D last updated 2023-03-12
Completed reviews Secdir Last Call review of -10 by Carl Wallace (diff)
Opsdir Last Call review of -10 by Bo Wu (diff)
Artart Last Call review of -10 by Sean Turner (diff)
Genart Last Call review of -10 by Linda Dunbar (diff)
Assignment Reviewer Linda Dunbar
State Completed
Request Last Call review on draft-ietf-emu-aka-pfs by General Area Review Team (Gen-ART) Assigned
Posted at https://mailarchive.ietf.org/arch/msg/gen-art/NxvjtV262ZJd8jRQGpTDxsvsyJY
Reviewed revision 10 (document currently at 12)
Result Ready w/nits
Completed 2023-03-12
review-ietf-emu-aka-pfs-10-genart-lc-dunbar-2023-03-12-00
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-emu-aka-pfs-10
Reviewer: Linda Dunbar
Review Date: 2023-03-12
IETF LC End Date: 2023-03-13
IESG Telechat date: Not scheduled for a telechat

Summary:
This document describes a protocol (EAP-AKA') that can prevent a breach even
when an attacker has gained access to the shared secrete in a SIM card.

Major issues: None

Minor issues: None

Nits/editorial comments:

It is not clear how the proposed extension is linked with "pervasive
surveillance." Is the extension to make pervasive surveillance more difficult?
The document stated that the proposed extension makes it not possible to
decrypt past communications so as to minimize the impact of SIM breaches. How
are those related to "pervasive surveillance"?

Page 17 (Section 7): It is hard to parse the following sentence. What does "who
are unwilling to mount active attacks against a large number of sessions" mean
in the sentence?

"This extension can provide assistance in situations where there is a
danger of attacks against the key material on SIM cards by
adversaries that cannot or who are unwilling to mount active attacks
against a large number of sessions."

It is difficult to parse the following sentence:

"This extension is most useful when used in a
context where EAP keys are used without further mixing that can
provide Forward Secrecy."

Do you mean, "This extension is most useful when used in a context where EAP
keys are used without Forward Secrecy"?

Thank you,
Linda Dunbar