Last Call Review of draft-ietf-eppext-tmch-smd-03
review-ietf-eppext-tmch-smd-03-secdir-lc-josefsson-2015-12-10-00

Request Review of draft-ietf-eppext-tmch-smd
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-12-04
Requested 2015-11-26
Draft last updated 2015-12-10
Completed reviews Genart Last Call review of -03 by Russ Housley (diff)
Genart Telechat review of -04 by Russ Housley (diff)
Secdir Last Call review of -03 by Simon Josefsson (diff)
Opsdir Last Call review of -03 by Tim Wicinski (diff)
Assignment Reviewer Simon Josefsson
State Completed
Review review-ietf-eppext-tmch-smd-03-secdir-lc-josefsson-2015-12-10
Reviewed rev. 03 (document currently at 06)
Review result Not Ready
Review completed: 2015-12-10

Review
review-ietf-eppext-tmch-smd-03-secdir-lc-josefsson-2015-12-10

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

I believe that this document is Not Ready.  The main reason for this is
the editorial concern 1) below.  Due to it I find it difficiult to
complete a proper technical review of the document.  Once 1) is fixed,
I'm happy to take another look and provide final technical feedback.

For easy reference, here is the document that I reviewed:


https://tools.ietf.org/html/draft-ietf-eppext-tmch-smd-03



1) The "Introduction" (section 1) is too thin to give the reader a
useful introduction to the document.  It explains WHAT is described in
the document, but it does not describe for what PURPOSE this is intended
to be used for.  Nor does it give an introduction to the roles of the
various acronyms mentioned, or the terms used.

The document does not explain what a "mark" or a "signed mark" is, which
appears fundamental for understanding any of it.  I can't find anything
in the WG charter that explain what a "mark" or "signed mark" is either.
I also searched through the normative references.

I suggest to add text describing for what purpose this protocol is
intended for, and some context in which it will be useful, and a
reference or definition of the terms used ("mark" and "signed mark").

Further, since section 2 dives directly into XML protocol details, I
believe this document would be greatly improved by having a new section
called "Architecture" that with a few sentences and/or illustration
describe how the solution is actually intended to work and what entities
are involved.  That would be a better place to put some of the security
discussions in (see issue 3 and 6 below).

2) Section 2: Acronyms like XSD should be expanded on first use.

3) Section 2.3: It says that certificates MAY be signed by a CA, but
it does not discuss anything about how a receiver will be able to
trust either the certificate or the CA, nor how the certificate
validation would actually work.  In particular, how would a receiving
entity validate the certificate?  What is the name that the validator
has to look for in the certificate?

4) Section 2.3, re the smd:url, only suggests a HTTP URL.  Wouldn't it
be useful to allow a HTTPS URL to be used?

5) Section 2.1 and 2.3, re mark:voice, mark:fax and smd:voice -- these
descriptions should clarify the format of the phone number.

6) Section 2.3, the algorithm recommendations could probably be
clarified somewhat.  It says:

   SHA256 as suggested by [RFC6194] and RSA-SHA256 SHOULD be used for
   digesting and signing respectively.  The size of the RSA key SHOULD
   be at least 2048 bits.

I don't think the RFC 6194 reference is all that important in this
context.  What matters is the recommendations given.  I suggest:

   The digital signature algorithm used SHOULD be RSA-SHA256 [RFC 4051].
   The size of the RSA key SHOULD be at least 2048 bits.  A valid reason
   for chosing something else would be if RSA-SHA256 would be deemed to
   not provide sufficient security.

7) Regarding section 2.4, I suggest to use RFC 4648 as the reference
for base64.

8) Section 2.5: The example is really long.  Can't you find a shorter
one?  Will people be helped by having this base64 blob in the
document?  Also the section title shouldn't include "Appendix A", this
should be moved to a proper Appendix.

9) Section 3.1 and 3.2: Don't include copyright notice and license,
use the 'BEGIN CODE' and 'END CODE' marker or simply include text
describing that the following is considered code and is available
under the IPR Trust license.

10) The reference for XMLDSIG is the 2008-06-10 version.  Should it
use 1.1 or 2.0 instead?  See 

http://www.w3.org/TR/xmldsig-core1/

 or


http://www.w3.org/TR/xmldsig-core2/



/Simon


Attachment:


signature.asc




Description:

 PGP signature