[Last-Call] Secdir last call review of draft-ietf-netconf-keystore-30

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Magnus Nyström
Review result: Has Nits

I have reviewed this document as part of the IETF SecDir's effort to review all
I-Ds before publication. These comments were written primarily for the benefit
of the security area directors.  Document editors and WG chairs should treat
these comments just like any other comments.

This is my second review of this document; the first was done on version -18
(or -19). The document is much improved in clarity, and I particularly liked
the inclusion of a Master Key option to handle KEKs. My remaining comments are:

- The "certificate" node in the YANG module seems under-specified. It isn't
clear to me what "name" refers to, and normally you're able to look up a
certifiate by using the combination of Issuer (distinguished) name and serial
number, for example. Some more info here seems warranted? - Section 4.1 talks
about "possessing" a key - it is not clear what "possess" means. In practice,
access to the key such that it can be used for its intended purpose (even
without being able to know the actual key value) should be sufficient.



-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux