Last Call Review of draft-ietf-pkix-tamp-
review-ietf-pkix-tamp-secdir-lc-zorn-2010-03-03-00

Request Review of draft-ietf-pkix-tamp
Requested rev. no specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-03-02
Requested 2010-01-21
Authors Carl Wallace, Sam Ashmore, Russ Housley
Draft last updated 2010-03-03
Completed reviews Secdir Last Call review of -?? by Glen Zorn
Assignment Reviewer Glen Zorn
State Completed
Review review-ietf-pkix-tamp-secdir-lc-zorn-2010-03-03
Review completed: 2010-03-03

Review
review-ietf-pkix-tamp-secdir-lc-zorn-2010-03-03

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.


EDITORIAL COMMENTS

Section 1.2.2 says:
   Management trust anchors are used in the management of cryptographic
   modules.  For example, the TAMP messages specified in this document
   are validated to a management trust anchor.  Likewise, a signed
   firmware package as specified in [RFC4108] is validated to a
   management trust anchor.
This might be better put as    
   Management trust anchors are used in the management of cryptographic
   modules.  For example, the TAMP messages specified in this document
   are validated by a management trust anchor.  Likewise, a signed
   firmware package as specified in [RFC4108] is validated by a
   management trust anchor.

In Section 1.3.4, s/The application-specific protocol processing MUST be
provided the/The application-specific protocol processing MUST provide the/

Section 3, paragraph 3 says "Certificates include a signature, which removes
the ability for relying parties to".  Just a question: should "relying" in
the sentence actually be "relaying"?  In any case, "ability for" should
probably be changed to "ability of".

Suggestion: Section 4.4 says in two places "The status codes appear in the
same order as the TrustAnchorUpdate structures to which they apply"; maybe
"The status codes MUST appear in the same order as the TrustAnchorUpdate
structures to which they apply" would be clearer.

In Section 7, s/if the signer is not representated/if the signer is not
represented/.

The Security Considerations section is remarkably clear and comprehensive.