Hi Joel,

Thanks for your review! I now have updated the draft with improvements from your comments, see inline.

Hope this clarifies.

Thanks,
Francesca

> -----Original Message-----
> From: core <core-bounces@xxxxxxxx> On Behalf Of Joel Halpern
> Sent: 20 July 2018 04:08
> To: gen-art@xxxxxxxx
> Cc: draft-ietf-core-object-security.all@xxxxxxxx; ietf@xxxxxxxx; core@xxxxxxxx
> Subject: [core] Genart last call review of draft-ietf-core-object-security-13
>
> Reviewer: Joel Halpern
> Review result: Ready
>
> I am the assigned Gen-ART reviewer for this draft. The General Area Review
> Team (Gen-ART) reviews all IETF documents being processed by the IESG for
> the IETF Chair. Please treat these comments just like any other last call
> comments.
>
> For more information, please see the FAQ at
>
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>
> Document: draft-ietf-core-object-security-13
> Reviewer: Joel Halpern
> Review Date: 2018-07-19
> IETF LC End Date: 2018-07-30
> IESG Telechat date: Not scheduled for a telechat
>
> Summary: this document is ready for publication as a Proposed Standard
> RFC.
> My minor concerns from draft -08 have been addressed.
>
> Major issues: N/A
>
> Minor issues:
> Section 7.2 is about sequence numbers. The first sentence in 7.2 discusses
> Nonces. Then the discussion switches to sequence numbers? My guess is
> that the Nonce is left over from previous text?
>

Actually, the first sentence discusses nonces since they are constructed from Partial IVs, which are basically the Sequence Numbers. I added this precision, at the end of the second sentence.

OLD:
An AEAD nonce MUST NOT be used more than once per AEAD key. The uniqueness of (key, nonce) pairs is shown in Appendix D.3, and in particular depends on a correct usage of Partial IVs.

NEW:
An AEAD nonce MUST NOT be used more than once per AEAD key. The uniqueness of (key, nonce) pairs is shown in Appendix D.3, and in particular depends on a correct usage of Partial IVs (which encode the Sender Sequence Numbers, see Section 5).

> Nits/editorial comments:
> In the first paragraph of 3.3, the text reads:
>    The requirement that Sender ID SHALL be unique in the set of all security
>    contexts using the same Master Secret, Master Salt, and ID Context
>    guarantees unique (key, nonce) pairs, which avoids nonce reuse.
> Unfortunately, that is not a grammatical sentence.
>
>

I think this sentence was too long to be readable, so I tried to split it up. Hopefully it makes more sense now.

NEW:
This means that Sender ID SHALL be unique in the set of all security contexts using the same Master Secret, Master Salt, and ID Context; such a requirement guarantees unique (key, nonce) pairs, which avoids nonce reuse.

> _______________________________________________
> core mailing list
> core@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/core
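
Added example (not part of the original message, the review, or the draft's own text): a small check of the two conditions discussed above, Sender ID uniqueness (Section 3.3) and non-repeating Sender Sequence Numbers (Section 7.2), run over constructed traffic. It assumes the nonce layout of RFC 8613 Section 5.2, the published form of this draft, and a 13-byte nonce as for AES-CCM-16-64-128; the function names, the Common IV and the traffic records are hypothetical.

```python
from collections import defaultdict

NONCE_LEN = 13  # assumed: nonce length of AES-CCM-16-64-128


def oscore_nonce(common_iv: bytes, id_piv: bytes, seq: int) -> bytes:
    """Nonce layout assumed from RFC 8613 Section 5.2:
    (len(ID_PIV) | ID_PIV left-padded to NONCE_LEN-6 | Partial IV left-padded to 5)
    XOR Common IV. The Partial IV encodes the Sender Sequence Number."""
    if len(common_iv) != NONCE_LEN or len(id_piv) > NONCE_LEN - 6:
        raise ValueError("bad Common IV or Sender ID length")
    if not 0 <= seq < 2 ** 40:
        raise ValueError("Sender Sequence Number out of range")
    plain = (bytes([len(id_piv)])
             + id_piv.rjust(NONCE_LEN - 6, b"\x00")
             + seq.to_bytes(5, "big"))
    return bytes(p ^ c for p, c in zip(plain, common_iv))


def find_nonce_reuse(messages, common_iv):
    """messages: iterable of (endpoint_name, sender_id, seq) taken from security
    contexts that share one Master Secret, Master Salt and ID Context. Under that
    assumption the Sender Key is fixed by sender_id, so sender_id stands in for
    the key. Returns {(sender_id, nonce): [endpoint names]} for each (key, nonce)
    pair that was used more than once."""
    seen = defaultdict(list)
    for name, sender_id, seq in messages:
        seen[(sender_id, oscore_nonce(common_iv, sender_id, seq))].append(name)
    return {pair: names for pair, names in seen.items() if len(names) > 1}


# Constructed sample data, not taken from the draft or its test vectors.
COMMON_IV = bytes.fromhex("000102030405060708090a0b0c")
OK_TRAFFIC = [("client", b"\x01", 0), ("client", b"\x01", 1),
              ("server", b"\x02", 0), ("server", b"\x02", 1)]
# Second endpoint provisioned with a Sender ID that is already in use.
DUP_SENDER_ID = OK_TRAFFIC + [("client-B", b"\x01", 0)]
# Same endpoint restarts from a stale Sender Sequence Number.
SEQ_ROLLBACK = OK_TRAFFIC + [("client-rebooted", b"\x01", 1)]

if __name__ == "__main__":
    for label, traffic in [("ok", OK_TRAFFIC), ("duplicate Sender ID", DUP_SENDER_ID),
                           ("sequence rollback", SEQ_ROLLBACK)]:
        print(label, "->", sorted(find_nonce_reuse(traffic, COMMON_IV).values()))
```

Both failure cases are reported as the same kind of collision, which is why the text ties nonce uniqueness to both the Sender ID requirement and correct handling of Partial IVs.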