Last Call Review of draft-ietf-stir-cert-delegation-03
review-ietf-stir-cert-delegation-03-genart-lc-robles-2020-08-26-00
| Request | Review of draft-ietf-stir-cert-delegation |
|---|---|
| Requested revision | No specific revision (document currently at 04) |
| Type | Last Call Review |
| Team | General Area Review Team (Gen-ART) (genart) |
| Deadline | 2020-08-26 |
| Requested | 2020-08-12 |
| Authors | Jon Peterson |
| I-D last updated | 2020-08-26 |
| Completed reviews | Genart Last Call review of -03 by Ines Robles; Secdir Last Call review of -03 by Carl Wallace; Secdir Telechat review of -04 by Carl Wallace |
| Assignment | Reviewer: Ines Robles |
| State | Completed |
| Request | Last Call review on draft-ietf-stir-cert-delegation by General Area Review Team (Gen-ART) Assigned |
| Posted at | https://mailarchive.ietf.org/arch/msg/gen-art/VksHLl-OxiQEBY1efbYD8l6xBJI |
| Reviewed revision | 03 (document currently at 04) |
| Result | Ready w/issues |
| Completed | 2020-08-26 |
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-stir-cert-delegation-03
Reviewer: Ines Robles
Review Date: 2020-08-26
IETF LC End Date: 2020-08-26
IESG Telechat date: Not scheduled for a telechat

Summary:

This specification details how that authority can be delegated from a parent certificate to a subordinate certificate. This supports a number of use cases where callers want to use a particular calling number, but for whatever reason, their outbound calls will not pass through the authentication service of the service provider that controls that numbering resource; it also includes those where service providers grant credentials to enterprises or other customers capable of signing calls with Secure Telephone Identity Revisited (STIR).

I have some minor suggestions/questions to the authors.

Major issues: None

Minor issues:

1- Introduction Section: "..., including various forms of robocalling, voicemail hacking, and swatting..." --> should a reference to RFC7375 be added here?

2- It would be nice to add in the Terminology section:
   - delegation: the concept of delegation and its levels are defined in RFC8226.
   - a definition for "legitimate spoofing". I understand that the draft explains it with an example.

3- It would be nice to add references to concepts, e.g.:
   - cA boolean --> cA boolean [rfc5280#section-4.2.1.9]
   - "x5u" link --> "x5u" (X.509 URL) [RFC7515#section-4.1.5] link

4- Section 4: It would be nice to add graphics explaining the process. E.g., the images displayed in https://access.atis.org/apps/group_public/download.php/47134/IPNNI-2019-00043R000.pdf or https://niccstandards.org.uk/wp-content/uploads/2019/03/ND1522V1.1.1.pdf can be used as a model.

5- Section 5: "Authentication service behavior for delegate certificates is little changed from [RFC8224] STIR behavior" --> It is not clear to me what the little changes are. Additionally, how do you quantify little/big changes? Maybe something like: "Authentication service behavior varies from STIR behavior [RFC8224] as follows: ..."

6- Section 8.1: Should the picture displayed in https://www.ietf.org/proceedings/104/slides/slides-104-stir-certificate-delegation-00 -- Slide 5 be added here?

7- Security Considerations section: should a reference to RFC7375 be added here?

Nits/editorial comments:

8- Expand the first time: JWS -> JSON Web Signature (JWS)

Thank you for this document,
Ines.