Suhas, thanks for your review. I entered an Abstain ballot as I’m unclear on the archival value of this document. I did request a response to your review though. Alissa > On Dec 4, 2019, at 3:09 PM, Suhas Nandakumar via Datatracker <noreply@xxxxxxxx> wrote: > > Reviewer: Suhas Nandakumar > Review result: Ready with Nits > > Summary: The document is a well written summary and covers the ideas clearly. > I don't have major concerns but do have few minor concerns and Nits that might > help with some clarifications > > Major issues: None > > Minor issues: > 1. Section 7.2 para 2 states : "The CPS responds with any such PASSporTs > (assuming they exist)." Given CPS will always respond with a dummy PASSporT, > the statement in the parentheses doesn't hold. (Referring to section 6.2) > > 2. Section 7.4 Call flow: "Call from CS (forged caller-id info)" . Since its > the attacker making the call here, we probably need to change it as "Call from > Attacker (forged caller-id info)". > > 3. Section 7.5 has the following: > > Sign(K_cps, K_temp) > Sign(K_temp, E(K_receiver, PASSporT)) ---> > > This is a clarification question for my understanding. What happens when > one of the 2 messages sent gets lost when storing the PASSporT. Should we need > to add any clarifications to that extent ? > > 4. Section 7.5 last para: clarification question > Since PASSporT is encrypted at CPS , how is it aged out based on the "iat" > value. Is it a function to VS to age out PASSporTs at a given CPS ? > > Nits/editorial comments: > > 1. Section 5.2 para 1: would be nice to add reference to Section 10 > 2. Section 7.2 Call Flow: "Store PASSporT" --> "Store Encrypted PASSporT" > 3. Section 7.2 Call Flow: "Ring phone with callerid" --> "Ring phone with > verified callerid" 4. Section 8.2 Step 3: "number number" --> "number" 5 > Section 8.3 para 2: "Per Step 3" --> "Per Step 3 of Section 8.1" > > > _______________________________________________ > stir mailing list > stir@xxxxxxxx > https://www.ietf.org/mailman/listinfo/stir -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
