Last Call Review of draft-ietf-hokey-key-mgm-
review-ietf-hokey-key-mgm-secdir-lc-zeilenga-2009-08-18-00
| Request | Review of | draft-ietf-hokey-key-mgm |
|---|---|---|
| Requested revision | No specific revision (document currently at 13) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2009-08-03 | |
| Requested | 2009-07-25 | |
| Authors | Madjid Nakhjiri , Katrin Hoeper , Yoshihiro Ohba | |
| I-D last updated | 2009-08-18 | |
| Completed reviews |
Secdir Last Call review of -??
by Kurt Zeilenga
Secdir Telechat review of -?? by Kurt Zeilenga |
|
| Assignment | Reviewer | Kurt Zeilenga |
| State | Completed | |
| Request | Last Call review on draft-ietf-hokey-key-mgm by Security Area Directorate Assigned | |
| Completed | 2009-08-18 |
review-ietf-hokey-key-mgm-secdir-lc-zeilenga-2009-08-18-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The security consideration starts by saying: This section provides security requirements and an analysis on transporting EAP keying material using an AAA protocol. While 6.1 appears to provide the former, 6.2 (the remaining section) seems to discuss a particular concern in transporting EAP keying material in an APP protocol. That is, the "analysis" appears to be limited to a particular concern. Is this the only concern? I would like to see the Security Consideration section to incorporate by informative references general discussions of security considerations for key technologies (e.g., EAP). Beyond this, I'm afraid I do not have sufficient experience in the key technologies to be able to determine if security considerations are well covered or not. Regards, Kurt