Skip to main content

Last Call Review of draft-ietf-stir-oob-05

Request Review of draft-ietf-stir-oob
Requested revision No specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-09-17
Requested 2019-09-03
Authors Eric Rescorla , Jon Peterson
Draft last updated 2019-09-05
Completed reviews Secdir Last Call review of -05 by Watson Ladd (diff)
Genart Last Call review of -05 by Suhas Nandakumar (diff)
Opsdir Last Call review of -05 by Shwetha Bhandari (diff)
Genart Telechat review of -06 by Suhas Nandakumar (diff)
Secdir Telechat review of -06 by Watson Ladd (diff)
Assignment Reviewer Watson Ladd
State Completed
Review review-ietf-stir-oob-05-secdir-lc-ladd-2019-09-05
Posted at
Reviewed revision 05 (document currently at 07)
Result Has Nits
Completed 2019-09-05
Dear Interested People,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Has Nits.

One nit typographical: the sentence at the bottom of page 9 and top of page 10
beginning "PASSporTs will be encrypted with an" made more sense after I changed
"signed with" to "encrypted with".

Two nits cryptographical: Blind signatures are one approach: VOPRFS are
another, more efficient approach.

The next nit that the property of hiding the recipient of a public key
encrypted message isn't a part of some of the standard security notions. This
means the scheme for encrypting needs to be carefully chosen to make messages
look indistinguishable from random when encrypted (the exact notion is a bit
weaker, but that will do).

Overall I found this draft a cogent discussion of the issues associated with
possible out of band architectures for STIR discovery.

Watson Ladd