Last Call Review of draft-ietf-emu-rfc5448bis-06

Request Review of draft-ietf-emu-rfc5448bis
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2020-01-29
Requested 2020-01-15
Authors Jari Arkko, Vesa Lehtovirta, Vesa Torvinen, Pasi Eronen
Draft last updated 2020-01-25
Completed reviews Genart Last Call review of -06 by Dan Romascanu (diff)
Secdir Last Call review of -06 by Kyle Rose (diff)
Iotdir Telechat review of -07 by Russ Housley (diff)
Genart Telechat review of -07 by Dan Romascanu (diff)
Assignment Reviewer Dan Romascanu 
State Completed
Review review-ietf-emu-rfc5448bis-06-genart-lc-romascanu-2020-01-25
Posted at
Reviewed rev. 06 (document currently at 10)
Review result Ready with Issues
Review completed: 2020-01-25


I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-emu-rfc5448bis-06
Reviewer: Dan Romascanu
Review Date: 2020-01-25
IETF LC End Date: 2020-01-29
IESG Telechat date: Not scheduled for a telechat


This is a very detailed and well-written document that describes a new specification of the specification of EAP-AKA' to support 5G deployments. This specification is ready, but I have a concern about the relationship to the 3GPP specifications that I would suggest to be clarified by the authors and considered by the IESG. 

Major issues:

1. The document includes the following statements related to the 5G and 3GPP relevant specifications: 

In the Abstract: 

> This version of EAP-AKA' specification specifies the protocol
   behaviour for 5G deployments as well.

In Section 1: 

>  Note: This specification refers only to the 5G specifications.
      Any further update that affects, for instance, key derivation is
      something that EAP-AKA' implementations should take into account.
      Upon such updates there will be a need to both update the
      specification and the implementations.

The first quoted text seems to indicate that the specification refers to 5G and other deployments. The second quoted text seems to indicate that the specification refers only to 5G. The two statements seem to be contradictory. 

2. The References sections (both Normative and Informative) include a note that advises the RFC Editor to ...

 Editors, "All 3GPP references should be updated to the
              latest Release 15 version before publishing.".

Is this sufficient? I mean is this a pure editorial task for updating the references? Are the authors certain that none of the changes between now and the publication of the 3GPP latest releases will not impact this document? I am a little nervous about relying on a set of 5G-related work which is still in evolution. Maybe a technical pass by the authors is desirable before publication?  

Minor issues:

Nits/editorial comments:

Appendix B.  Changes from RFC 4187 to RFC 5448 is a copy-paste of Appendix A in RFC 5448. Was this necessary? In any case, it would probably be better to avoid any ambiguity by replacing in the second sentence 'this document' by 'RFC 5448'.