Last Call Review of draft-ietf-hokey-arch-design-
review-ietf-hokey-arch-design-secdir-lc-sury-2011-11-15-00

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I haven't been following HOKEY at all, so the comments are basically
from innocent bystander who knows as much about EAP as needed to type
the password for WiFi in the 802.1x (and is user of eduroam network).

The HOKEY architectural document seems to be clearly written and can
be understood even by me.  It does not introduce neither any new protocol
nor security issues and is just a summary of existing standards or I-Ds,
so there are no security concerns in this particular document.  Some
security concerns are referenced to other RFCs (Section 7), but they
are just #includes from other documents and not something new introduced
by this document.

One minor nit:

- You suddenly start to use rRK and DSrRK in the tables (4 and 5) in section 5.
It would help readability to explain somewhere what these abbreviations mean.


O.
--
 OndÅej SurÃ
 vedoucà vÃzkumu/Head of R&D department
 -------------------------------------------
 CZ.NIC, z.s.p.o.    --    LaboratoÅe CZ.NIC
 Americka 23, 120 00 Praha 2, Czech Republic
 

mailto:ondrej.sury

 at nic.cz    

http://nic.cz/


 tel:+420.222745110       fax:+420.222745112
 -------------------------------------------