Last Call Review of draft-ietf-keyprov-symmetrickeyformat-

Request Review of draft-ietf-keyprov-symmetrickeyformat
Requested rev. no specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-05-04
Requested 2010-04-15
Authors Sean Turner, Russ Housley
Draft last updated 2010-04-27
Completed reviews Secdir Last Call review of -?? by Joseph Salowey
Assignment Reviewer Joseph Salowey
State Completed
Review review-ietf-keyprov-symmetrickeyformat-secdir-lc-salowey-2010-04-27
Review completed: 2010-04-27


I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The document defines an ASN.1 container for symmetric keys.  This seems
useful.  For the most part the document is clear.  I have the following
comments (I also copied the authors of draft-ietf-keyprov-pskc-05 since
some of the comments may more pertain to that document). 

1. Is the sKey value encrypted or clear text?  

2. Section 3.2.12 Value MAC

I was not clear to me how this MAC was calculated.  What exactly does it
cover?  I assume it is the octet string in the sKey field in the
OneSymmetricKey sequence.  Does it include the ASN.1 encoding or not.  

3. Why is section 4 necessary in
draft-ietf-keyprov-symmetrickeyformat-07 and not in