Last Call Review of draft-ietf-stir-passport-rcd-21
review-ietf-stir-passport-rcd-21-secdir-lc-roca-2022-10-12-00
| Request | Review of | draft-ietf-stir-passport-rcd |
|---|---|---|
| Requested revision | No specific revision (document currently at 26) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2022-10-12 | |
| Requested | 2022-09-28 | |
| Authors | Chris Wendt , Jon Peterson | |
| I-D last updated | 2022-10-12 | |
| Completed reviews |
Genart Last Call review of -22
by Dale R. Worley
(diff)
Secdir Last Call review of -21 by Vincent Roca (diff) Artart Last Call review of -21 by Harald T. Alvestrand (diff) Dnsdir Last Call review of -21 by Florian Obser (diff) Secdir Telechat review of -23 by Vincent Roca (diff) |
|
| Assignment | Reviewer | Vincent Roca |
| State | Completed | |
| Request | Last Call review on draft-ietf-stir-passport-rcd by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/ANLakvfJjrWdq_ZMqKq5P3thpJg | |
| Reviewed revision | 21 (document currently at 26) | |
| Result | Not ready | |
| Completed | 2022-10-12 |
review-ietf-stir-passport-rcd-21-secdir-lc-roca-2022-10-12-00
Hello, I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: not ready Globally, the security considerations section addresses all topics that come to my mind, given my understanding. The only comment I have is WRT the last paragraph of section 18.1. The wording: "Excluding this claim", seems ambiguous to me since I don't understand if it refers to the "rcdi claim" or "an entry in mustExclude". Also, I don't understand the core problem (why does a mustExclude tag compromize integrity protection). I think the issue deserves more details. Finally, isn't "MUST NOT" more appropriate than "SHOULD NOT" since the consequences of not following this rule are major. A few, minor, additional comments: - Section 18, 1st sentence: s/its identities/it is identities/ - Section 18, 2nd paragraph: I don't understand "over in a using protocol", please fix typo. - Section 18, 3rd paragraph: s/availbility/availability/ Cheers, Vincent