Skip to main content

Last Call Review of draft-ietf-stir-passport-rcd-21

Request Review of draft-ietf-stir-passport-rcd
Requested revision No specific revision (document currently at 26)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2022-10-12
Requested 2022-09-28
Authors Chris Wendt , Jon Peterson
I-D last updated 2022-10-12
Completed reviews Genart Last Call review of -22 by Dale R. Worley (diff)
Secdir Last Call review of -21 by Vincent Roca (diff)
Artart Last Call review of -21 by Harald T. Alvestrand (diff)
Dnsdir Last Call review of -21 by Florian Obser (diff)
Secdir Telechat review of -23 by Vincent Roca (diff)
Assignment Reviewer Vincent Roca
State Completed
Review review-ietf-stir-passport-rcd-21-secdir-lc-roca-2022-10-12
Posted at
Reviewed revision 21 (document currently at 26)
Result Not ready
Completed 2022-10-12

I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

Summary: not ready

Globally, the security considerations section addresses all topics that come to
my mind, given my understanding. The only comment I have is WRT the last
paragraph of section 18.1. The wording: "Excluding this claim", seems ambiguous
to me since I don't understand if it refers to the "rcdi claim" or "an entry in
mustExclude". Also, I don't understand the core problem (why does a mustExclude
tag compromize integrity protection). I think the issue deserves more details.
Finally, isn't "MUST NOT" more appropriate than "SHOULD NOT" since the
consequences of not following this rule are major.

A few, minor, additional comments:
- Section 18, 1st sentence: s/its identities/it is identities/
- Section 18, 2nd paragraph: I don't understand "over in a using protocol",
please fix typo. - Section 18, 3rd paragraph: s/availbility/availability/