Skip to main content

Last Call Review of draft-ietf-kitten-krb-spake-preauth-07

Request Review of draft-ietf-kitten-krb-spake-preauth
Requested revision No specific revision (document currently at 10)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2020-05-26
Requested 2020-05-12
Authors Nathaniel McCallum , Simo Sorce , Robbie Harwood , Greg Hudson
I-D last updated 2020-05-15
Completed reviews Secdir Last Call review of -09 by Barry Leiba (diff)
Genart Last Call review of -07 by Russ Housley (diff)
Assignment Reviewer Russ Housley
State Completed
Request Last Call review on draft-ietf-kitten-krb-spake-preauth by General Area Review Team (Gen-ART) Assigned
Posted at
Reviewed revision 07 (document currently at 10)
Result Almost ready
Completed 2020-05-15
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

Document: draft-ietf-kitten-krb-spake-preauth-07
Reviewer: Russ Housley
Review Date: 2020-05-15
IETF LC End Date: 2020-05-26
IESG Telechat date: Unknown

Summary: Almost Ready

Major Concerns:

Section 1.2: A reference is needed for the "SPAKE algorithm" is
needed here, even if it is a forward pointer to Section 2.
Does this align with draft-irtf-cfrg-spake2?  Are you aware of

Minor Concerns:

Abstract: Please explain "FAST", perhaps just a pointer to RFC 6113.

Section 7 says:

   First, the hash function associated with the selected group is
   computed over the concatenation of the following values:

A hash value is being computed, not a group.


General: Please prepare for publication as an RFC by changing "this
draft" to something that is appropriate for an archival series document.

Section 1: In the first paragraph, we see: "preauthentication".  Then,
in the first paragraph of Section 1.1, we see "pre-authentication".
Please pick one.

Note:  I did not try to compile the ASN.1 or run the python script.