[kitten] Genart last call review of draft-ietf-kitten-krb-spake-preauth-07

[kitten] Genart last call review of draft-ietf-kitten-krb-spake-preauth-07

Christer Holmberg via Datatracker
Reviewer: Russ Housley
Review result: Almost Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-kitten-krb-spake-preauth-07
Reviewer: Russ Housley
Review Date: 2020-05-15
IETF LC End Date: 2020-05-26
IESG Telechat date: Unknown


Summary: Almost Ready

Major Concerns:

Section 1.2: A reference for the "SPAKE algorithm" is
needed here, even if it is a forward pointer to Section 2.
Does this align with draft-irtf-cfrg-spake2?  Are you aware of
https://datatracker.ietf.org/ipr/4018/?


Minor Concerns:

Abstract: Please explain "FAST", perhaps just a pointer to RFC 6113.

Section 7 says:

   First, the hash function associated with the selected group is
   computed over the concatenation of the following values:

A hash value is being computed, not a group.


Nits:

General: Please prepare for publication as an RFC by changing "this
draft" to something that is appropriate for an archival series document.

Section 1: In the first paragraph, we see: "preauthentication".  Then,
in the first paragraph of Section 1.1, we see "pre-authentication".
Please pick one.


Note:  I did not try to compile the ASN.1 or run the python script.



_______________________________________________
Kitten mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/kitten

Re: [kitten] Genart last call review of draft-ietf-kitten-krb-spake-preauth-07

Robbie Harwood
Russ Housley via Datatracker <[hidden email]> writes:

> Reviewer: Russ Housley
> Review result: Almost Ready
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed by
> the IESG for the IETF Chair.  Please treat these comments just like
> any other last call comments.

Hi Russ, thanks for the review.  Changes should be present in -08 unless
discussed further below.

> Major Concerns:
>
> Does this align with draft-irtf-cfrg-spake2?

It's derived from it, though they no longer totally align.

> Are you aware of https://datatracker.ietf.org/ipr/4018/?

I have seen it, but as Watson Ladd put it in
https://mailarchive.ietf.org/arch/msg/cfrg/senXefqczpUZo26B35ekz8d3iLo/

    I’m not a patent lawyer, and cannot speculate on any IPR conflicts
    that may or may not exist.

> Minor Concerns:
>
> Abstract: Please explain "FAST", perhaps just a pointer to RFC 6113.

We believe this is covered by the "Document conventions" section.

Thanks,
--Robbie

Re: [kitten] [Last-Call] Genart last call review of draft-ietf-kitten-krb-spake-preauth-07

Russ Housley


> On May 28, 2020, at 6:27 PM, Robbie Harwood <[hidden email]> wrote:
>
> Russ Housley via Datatracker <[hidden email]> writes:
>
>> Reviewer: Russ Housley
>> Review result: Almost Ready
>>
>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed by
>> the IESG for the IETF Chair.  Please treat these comments just like
>> any other last call comments.
>
> Hi Russ, thanks for the review.  Changes should be present in -08 unless
> discussed further below.
>
>> Major Concerns:
>>
>> Does this align with draft-irtf-cfrg-spake2?
>
> It's derived from it, though they no longer totally align.
>
>> Are you aware of https://datatracker.ietf.org/ipr/4018/?
>
> I have seen it, but as Watson Ladd put it in
> https://mailarchive.ietf.org/arch/msg/cfrg/senXefqczpUZo26B35ekz8d3iLo/
>
>    I’m not a patent lawyer, and cannot speculate on any IPR conflicts
>    that may or may not exist.

If these documents do not align, then another 3rd party disclosure should be made against this document, so the IPR holder can weigh in.

>> Minor Concerns:
>>
>> Abstract: Please explain "FAST", perhaps just a pointer to RFC 6113.
>
> We believe this is covered by the "Document conventions" section.

In my opinion, something needs to be in the Abstract.  Otherwise, the Abstract is not stand alone.

Russ


Re: [kitten] [Last-Call] Genart last call review of draft-ietf-kitten-krb-spake-preauth-07

Robbie Harwood
Russ Housley <[hidden email]> writes:

>> On May 28, 2020, at 6:27 PM, Robbie Harwood <[hidden email]> wrote:
>>
>> Russ Housley via Datatracker <[hidden email]> writes:
>>
>>> Reviewer: Russ Housley
>>> Review result: Almost Ready
>>>
>>> I am the assigned Gen-ART reviewer for this draft. The General Area
>>> Review Team (Gen-ART) reviews all IETF documents being processed by
>>> the IESG for the IETF Chair.  Please treat these comments just like
>>> any other last call comments.
>>
>> Hi Russ, thanks for the review.  Changes should be present in -08 unless
>> discussed further below.
>>
>>> Major Concerns:
>>>
>>> Does this align with draft-irtf-cfrg-spake2?
>>
>> It's derived from it, though they no longer totally align.
>>
>>> Are you aware of https://datatracker.ietf.org/ipr/4018/?
>>
>> I have seen it, but as Watson Ladd put it in
>> https://mailarchive.ietf.org/arch/msg/cfrg/senXefqczpUZo26B35ekz8d3iLo/
>>
>>    I’m not a patent lawyer, and cannot speculate on any IPR conflicts
>>    that may or may not exist.
>
> If these documents do not align, then another 3rd party disclosure
> should be made against this document, so the IPR holder can weigh in.

Having now reread RFC 8179, it's my understanding that this is both a
required action and does not indicate any further statement on our part.
Accordingly, I've filed a separate IPR, though the system tells me it
may take a day for it to appear.

>>> Minor Concerns:
>>>
>>> Abstract: Please explain "FAST", perhaps just a pointer to RFC 6113.
>>
>> We believe this is covered by the "Document conventions" section.
>
> In my opinion, something needs to be in the Abstract.  Otherwise, the
> Abstract is not stand alone.

That makes sense.  If I change

    Second, enable the use of second factor authentication without
    relying on FAST.

to

    Second, enable the use of second factor authentication without the
    need for a separately-established secure channel (FAST).

would that address your concerns?  I'd also be open to leaving out the
parenthetical mention of FAST entirely if you think that's more clear.

Thanks,
--Robbie

Re: [kitten] [Last-Call] Genart last call review of draft-ietf-kitten-krb-spake-preauth-07

Robbie Harwood
Robbie Harwood <[hidden email]> writes:

> Russ Housley <[hidden email]> writes:
>> On May 28, 2020, at 6:27 PM, Robbie Harwood <[hidden email]> wrote:
>>> Russ Housley via Datatracker <[hidden email]> writes:
>>>
>>>> Reviewer: Russ Housley
>>>> Review result: Almost Ready
>>>>
>>>> I am the assigned Gen-ART reviewer for this draft. The General Area
>>>> Review Team (Gen-ART) reviews all IETF documents being processed by
>>>> the IESG for the IETF Chair.  Please treat these comments just like
>>>> any other last call comments.
>>>>
>>>> Minor Concerns:
>>>>
>>>> Abstract: Please explain "FAST", perhaps just a pointer to RFC 6113.
>>>
>>> We believe this is covered by the "Document conventions" section.
>>
>> In my opinion, something needs to be in the Abstract.  Otherwise, the
>> Abstract is not stand alone.
>
> That makes sense.  If I change
>
>     Second, enable the use of second factor authentication without
>     relying on FAST.
>
> to
>
>     Second, enable the use of second factor authentication without the
>     need for a separately-established secure channel (FAST).
>
> would that address your concerns?  I'd also be open to leaving out the
> parenthetical mention of FAST entirely if you think that's more clear.

I've opted to make this change, removing explicit mention of FAST
entirely.  It is part of -09.

Thanks,
--Robbie
