
[Joel M. Halpern] Gen-Art LC Review: draft-ietf-kink-kink-11.txt





Hi.  I believe this review is on track and the
intent of the WG was probably to allow kink_encrypt to be used in these situations.
Can people confirm that's the case?

If so, does someone want to suggest a small set of textual changes
that accomplish this?  Please propose changes in rfc-editor note
format (rfcdiff --ab-dif) so we don't need to respin the draft.

--Sam


--- Begin Message ---
I was selected as General Area Review Team reviewer for this specification
(for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

This document appears to be ready for publication as a proposed standard.
I do have one minor comment below.  This may be a result of the fact that I 
am not a security expert and may well have misread the document.

Minor:
The wording of section 6.1 describing the content of the REPLY message, 
section 6.3 text describing the CREATE message, the example of the CREATE 
sequence, and section 4.2.7 on KINK_ENCRYPT are subtly inconsistent.
a) The description of KINK_ENCRYPT should indicate that the inner types are 
the same as regular KINK types, and that KINK_ENCRYPT is specifically 
intended to be used as a wrapper around other KINK TLVs.
b) The description of the REPLY and CREATE messages should state that 
KINK_ENCRYPT is a valid TLV.  The wording lists a set of TLVs that are 
valid, and does not list KINK_ENCRYPT.

Yours,
Joel M. Halpern

[Multiple copies of comment sent according to gen-art procedures.]

----
SEC: Kerberized Internet Negotiation of Keys (KINK)
      draft-ietf-kink-kink-11.txt

Responsible AD: Sam Hartman
Reviewer: Joel Halpern



--- End Message ---