Re: [Last-Call] Secdir last call review of draft-ietf-stir-messaging-06

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 03/01/2023 23:55, Nancy Cam-Winget via Datatracker wrote:
Reviewer: Nancy Cam-Winget
Review result: Not Ready


If this document is straightforward and has no issues, why is it 'Not Ready'?

Tom Petch




I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.


This document specifies how the PASSport framework (RFC 8225)can be used to
provide message integrity protection of text and multimedia messages
by defining a new PASSPort type, e.g. JWT claim "msgi".

The draft seems straightforward, though personally I find naming the JWT
and PASSport types "msgi" and "msg" respectively to be a little
confusing/misleading as the claim is for "msg-integrity" perhaps
that is the suffix 'I'.  But that is a personal bias so assuming the working
group has accepted the nomenclature, you can leave the labels as such.

I found no issues with the draft except for one typo:
Section 3.2 last paragraph "mesages" should be "messages"



--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux