Skip to main content

Last Call Review of draft-ietf-stir-messaging-06
review-ietf-stir-messaging-06-secdir-lc-cam-winget-2023-01-03-00

Request Review of draft-ietf-stir-messaging
Requested revision No specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2022-11-03
Requested 2022-10-20
Authors Jon Peterson , Chris Wendt
I-D last updated 2023-01-03
Completed reviews Artart Last Call review of -06 by Claudio Allocchio (diff)
Opsdir Last Call review of -06 by Bo Wu (diff)
Secdir Last Call review of -06 by Nancy Cam-Winget (diff)
Assignment Reviewer Nancy Cam-Winget
State Completed
Request Last Call review on draft-ietf-stir-messaging by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/3wB6XlXSwAk20L1bwsz1ueMhw38
Reviewed revision 06 (document currently at 08)
Result Not ready
Completed 2023-01-03
review-ietf-stir-messaging-06-secdir-lc-cam-winget-2023-01-03-00
I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.


This document specifies how the PASSport framework (RFC 8225)can be used to
provide message integrity protection of text and multimedia messages 
by defining a new PASSPort type, e.g. JWT claim "msgi".

The draft seems straightforward, though personally I find naming the JWT 
and PASSport types "msgi" and "msg" respectively to be a little 
confusing/misleading as the claim is for "msg-integrity" perhaps
that is the suffix 'I'.  But that is a personal bias so assuming the working
group has accepted the nomenclature, you can leave the labels as such.

I found no issues with the draft except for one typo:
Section 3.2 last paragraph "mesages" should be "messages"