Skip to main content

Telechat Review of draft-ietf-stir-oob-06
review-ietf-stir-oob-06-genart-telechat-nandakumar-2019-12-04-00

Request Review of draft-ietf-stir-oob
Requested revision No specific revision (document currently at 07)
Type Telechat Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2019-12-03
Requested 2019-11-14
Authors Eric Rescorla , Jon Peterson
Draft last updated 2019-12-04
Completed reviews Secdir Last Call review of -05 by Watson Ladd (diff)
Genart Last Call review of -05 by Suhas Nandakumar (diff)
Opsdir Last Call review of -05 by Shwetha Bhandari (diff)
Genart Telechat review of -06 by Suhas Nandakumar (diff)
Secdir Telechat review of -06 by Watson Ladd (diff)
Assignment Reviewer Suhas Nandakumar
State Completed
Review review-ietf-stir-oob-06-genart-telechat-nandakumar-2019-12-04
Posted at https://mailarchive.ietf.org/arch/msg/gen-art/YnDIPZoiAMatA3R7HWejcySTaRw
Reviewed revision 06 (document currently at 07)
Result Ready with Nits
Completed 2019-12-04
review-ietf-stir-oob-06-genart-telechat-nandakumar-2019-12-04-00
Summary: The document is a well written summary and covers the ideas clearly.
I don't have major concerns  but do have few minor concerns and Nits that might
help with some clarifications

Major issues: None

Minor issues:
1. Section 7.2 para 2 states : "The CPS responds with any such PASSporTs
(assuming they exist)." Given CPS will always respond with a dummy PASSporT,
the statement in the parentheses doesn't hold. (Referring to section 6.2)

2. Section 7.4 Call flow: "Call from CS (forged caller-id info)" . Since its
the attacker making the call here, we probably need to change it as "Call from
Attacker (forged caller-id info)".

3. Section 7.5 has the following:

Sign(K_cps, K_temp)
Sign(K_temp, E(K_receiver, PASSporT)) --->

This is a clarification question for my understanding. What happens when
one of the 2 messages sent gets lost when storing the PASSporT. Should we need
to add any clarifications to that extent ?

4. Section 7.5 last para: clarification question
Since PASSporT is encrypted at CPS , how is it aged out based on the "iat"
value. Is it a function to VS to age out PASSporTs at a given CPS ?

Nits/editorial comments:

1. Section 5.2 para 1: would be nice to add reference to Section 10
2. Section 7.2 Call Flow: "Store PASSporT" --> "Store Encrypted PASSporT"
3. Section 7.2 Call Flow: "Ring phone with callerid" --> "Ring phone with
verified callerid" 4. Section 8.2 Step 3: "number number" --> "number" 5
Section 8.3 para 2: "Per Step 3" --> "Per Step 3 of Section 8.1"