Last Call Review of draft-ietf-hokey-key-mgm-
review-ietf-hokey-key-mgm-secdir-lc-zeilenga-2009-08-18-00

Request Review of draft-ietf-hokey-key-mgm
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-08-03
Requested 2009-07-25
Authors Madjid Nakhjiri, Katrin Hoeper, Yoshihiro Ohba
Draft last updated 2009-08-18
Completed reviews Secdir Last Call review of -?? by Kurt Zeilenga
Secdir Telechat review of -?? by Kurt Zeilenga
Assignment Reviewer Kurt Zeilenga
State Completed
Review review-ietf-hokey-key-mgm-secdir-lc-zeilenga-2009-08-18
Review completed: 2009-08-18

Review
review-ietf-hokey-key-mgm-secdir-lc-zeilenga-2009-08-18

I have reviewed this document as part of the security directorate's  


ongoing effort to review all IETF documents being processed by the  


IESG.  These comments were written primarily for the benefit of the  


security area directors.  Document editors and WG chairs should treat  


these comments just like any other last call comments.




The security consideration starts by saying:


   This section provides security requirements and an analysis on  


transporting EAP keying material using an AAA protocol.


While 6.1 appears to provide the former, 6.2 (the remaining section)  


seems to discuss a particular concern in transporting EAP keying  


material in an APP protocol.  That is, the "analysis" appears to be  


limited to a particular concern.  Is this the only concern?


I would like to see the Security Consideration section to incorporate  


by informative references general discussions of security  


considerations for key technologies (e.g., EAP).


Beyond this, I'm afraid I do not have sufficient experience in the key  


technologies to be able to determine if security considerations are  


well covered or not.



Regards, Kurt