
Last Call Review of draft-ietf-httpauth-mutual-algo-06

Request Review of draft-ietf-httpauth-mutual-algo
Requested revision No specific revision (document currently at 07)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2016-10-25
Requested 2016-10-12
Authors Yutaka Oiwa, Hajime Watanabe, Hiromitsu Takagi, Kaoru Maeda, Tatsuya Hayashi, Yuichi Ioku
I-D last updated 2016-10-22
Completed reviews Opsdir Last Call review of -06 by Qin Wu (diff)
Assignment Reviewer Qin Wu
State Completed Snapshot
Review review-ietf-httpauth-mutual-algo-06-opsdir-lc-wu-2016-10-22
Reviewed revision 06 (document currently at 07)
Result Has Nits
Completed 2016-10-22

Hi, Authors:

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written with the intent of improving the operational
aspects of the IETF drafts. Comments that are not addressed in last call may
be included in AD reviews during the IESG review. Document editors and WG
chairs should treat these comments just like any other last call comments.

This document defines four HTTP Mutual authentication algorithms for use with
the Mutual authentication protocol for HTTP: two for Discrete Logarithm settings
and two for elliptic curve settings. In addition, the security of this algorithm is
well analyzed.

There is no major issue. I believe this document is ready for publication. Here
are a few editorial comments I would like to ask the authors to consider:

Minor issues:


Section 1.1 said:


   When a natural number output is required, the notation INT(H(s)) is used.

I will see INT(H(s)) as a formula to convert H(s) into a natural number.


Section 2, 1



What are DL-based notations? Can you expand DL? Is it Description Logic or
something else?

You could consider adding an acronym and abbreviation section.

3. Section 2, 2nd paragraph and the figure that describes the protocol exchange for
four values

Where do you define the first two messages in this draft? Are you referring to the
first messages that contain ID, K_c1 and K_s1 respectively in the figure? I don't
see you specify a message format or give a message name. I don't see that you
relate the text to the messages shown in the figure.

In addition, where are the last two messages defined in [I-D.ietf-httpauth-mutual]?
Can you provide the section number?

By reading [I-D.ietf-httpauth-mutual], I see K_c1, K_s1, VK_c, VK_s have already
been defined in [I-D.ietf-httpauth-mutual]. I feel confused and am wondering
if this draft really defines the first two messages, or whether the four messages
shown in the figure are all defined in [I-D.ietf-httpauth-mutual].

4. Section 3.1, 3rd paragraph said:

   The functions named octet(), OCTETS(), and INT() are those defined in
   the core specification [I-D.ietf-httpauth-mutual].

Is the core specification [I-D.ietf-httpauth-mutual] the core document mentioned
in section 3? If yes, please make them consistent.

5. Section 3.3, symbol




g: for "the generator" associated with the group.

How the symbol




 is different from symbol




in the section 3.2? Does G stand for the generator associated with the defined
 What do you mean "the defined point"? Would be great to clarify the difference between
 G and g.

6. Section 5.2 said:

   In the EC setting, r has to be
   prime.  Defining a variation of this algorithm using a different
   domain parameter SHOULD be attentive to these conditions.

What is the EC setting? Please expand EC. Elliptic Curve? Please make this clear or
add this abbreviation to the abbreviation section.


1. Section 1, 1st paragraph

s/ use withMutual authentication protocol/ use with Mutual authentication

2. Section 5.2

s/ mixing values from from two/ mixing values from two