On Thu, 30 May 2024 at 00:56, Watson Ladd via Datatracker <noreply@xxxxxxxx> wrote:
> Reviewer: Watson Ladd
> Review result: Has Nits
>
> Dear IETFers,
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> The summary of the review is Ready With Nits.
>
> I found the document readable and didn't spot any security issues. However,
> the security considerations section neglects to explain the importance
> of the salt being high entropy and changed when a new authorization record is
> created.
Good point, I will add the following text to the security considerations section:
The entropy of salt depends on a high-quality pseudo-random number generator. For further discussion on random number generation, see RFC4086. The salt MUST be regenerated whenever the authorization claim is updated.
-Tiru