Last Call Review of draft-ietf-stir-messaging-06
review-ietf-stir-messaging-06-secdir-lc-cam-winget-2023-01-03-00
Request | Review of | draft-ietf-stir-messaging |
---|---|---|
Requested revision | No specific revision (document currently at 08) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2022-11-03 | |
Requested | 2022-10-20 | |
Authors | Jon Peterson , Chris Wendt | |
I-D last updated | 2023-01-03 | |
Completed reviews |
Artart Last Call review of -06
by Claudio Allocchio
(diff)
Opsdir Last Call review of -06 by Bo Wu (diff) Secdir Last Call review of -06 by Nancy Cam-Winget (diff) |
|
Assignment | Reviewer | Nancy Cam-Winget |
State | Completed | |
Request | Last Call review on draft-ietf-stir-messaging by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/3wB6XlXSwAk20L1bwsz1ueMhw38 | |
Reviewed revision | 06 (document currently at 08) | |
Result | Not ready | |
Completed | 2023-01-03 |
review-ietf-stir-messaging-06-secdir-lc-cam-winget-2023-01-03-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document specifies how the PASSport framework (RFC 8225)can be used to provide message integrity protection of text and multimedia messages by defining a new PASSPort type, e.g. JWT claim "msgi". The draft seems straightforward, though personally I find naming the JWT and PASSport types "msgi" and "msg" respectively to be a little confusing/misleading as the claim is for "msg-integrity" perhaps that is the suffix 'I'. But that is a personal bias so assuming the working group has accepted the nomenclature, you can leave the labels as such. I found no issues with the draft except for one typo: Section 3.2 last paragraph "mesages" should be "messages"