Last Call Review of draft-ietf-stir-enhance-rfc8226-04
review-ietf-stir-enhance-rfc8226-04-secdir-lc-hallam-baker-2021-06-30-00
| Request | Review of | draft-ietf-stir-enhance-rfc8226 |
|---|---|---|
| Requested revision | No specific revision (document currently at 05) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2021-06-10 | |
| Requested | 2021-05-27 | |
| Authors | Russ Housley | |
| I-D last updated | 2021-06-30 | |
| Completed reviews |
Secdir Last Call review of -04
by Phillip Hallam-Baker
(diff)
Genart Last Call review of -02 by Reese Enghardt (diff) |
|
| Assignment | Reviewer | Phillip Hallam-Baker |
| State | Completed | |
| Request | Last Call review on draft-ietf-stir-enhance-rfc8226 by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/hzZ3FmvvW0OMhUYCRgdhrPsny-4 | |
| Reviewed revision | 04 (document currently at 05) | |
| Result | Ready | |
| Completed | 2021-06-30 |
review-ietf-stir-enhance-rfc8226-04-secdir-lc-hallam-baker-2021-06-30-00
This document presents an extension to the JWT Claim Constraints capabilities described in RFC 8226. The changes proposed do not substantially change the security model of the original, they merely provide additional expressive power. This document is part of an effort to establish a post-facto security infrastructure for the legacy telephone system which predates any security technology that could have been used to secure it. As such the principal source of insecurity is going to be in the quality of the data being used to make security assertions rather than the expressive power of the assertions themselves.