Last Call Review of draft-ietf-hokey-key-mgm-

Request Review of draft-ietf-hokey-key-mgm
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-08-03
Requested 2009-07-25
Authors Madjid Nakhjiri, Katrin Hoeper, Yoshihiro Ohba
Draft last updated 2009-08-18
Completed reviews Secdir Last Call review of -?? by Kurt Zeilenga
Secdir Telechat review of -?? by Kurt Zeilenga
Assignment Reviewer Kurt Zeilenga
State Completed
Review review-ietf-hokey-key-mgm-secdir-lc-zeilenga-2009-08-18
Review completed: 2009-08-18


I have reviewed this document as part of the security directorate's  

ongoing effort to review all IETF documents being processed by the  

IESG.  These comments were written primarily for the benefit of the  

security area directors.  Document editors and WG chairs should treat  

these comments just like any other last call comments.

The security consideration starts by saying:

   This section provides security requirements and an analysis on  

transporting EAP keying material using an AAA protocol.

While 6.1 appears to provide the former, 6.2 (the remaining section)  

seems to discuss a particular concern in transporting EAP keying  

material in an APP protocol.  That is, the "analysis" appears to be  

limited to a particular concern.  Is this the only concern?

I would like to see the Security Consideration section to incorporate  

by informative references general discussions of security  

considerations for key technologies (e.g., EAP).

Beyond this, I'm afraid I do not have sufficient experience in the key  

technologies to be able to determine if security considerations are  

well covered or not.

Regards, Kurt