Re: [Last-Call] Secdir last call review of draft-ietf-dprive-rfc7626-bis-03

> On 29 Nov 2019, at 15:39, Stephen Farrell via Datatracker <noreply@xxxxxxxx> wrote:
> 
> Reviewer: Stephen Farrell
> Review result: Ready

Hi Stephen, 

Thanks for reviewing (again)!

> 
> I might not be the best reviewer for this one as I've read it a few times
> before. But anyway, I scanned the diff [1] with RFC7626 and figure it
> seems fine. 
> 
> The only thing that occurred to me that seemed missing was to note
> that while the new privacy analysis in 3.5.1.1 is already complex, many
> systems are mobile and hence an analysis that ignores that won't be 
> sufficient. For a mobile device one really needs to analyse all of the 
> possible setups, and hence it's even harder to get to a good answer. 
> (It could be that that's elsewhere in the document but since I only 
> read the diff, I didn't see it:-)

There was a bit of discussion about this and the following text in 3.4.1 was added:

"It is also noted that typically a device connected _only_ to a modern
   cellular network is

   o  directly configured with only the recursive resolvers of the IAP
      and

   o  all traffic (including DNS) between the device and the cellular
      network is encrypted following an encryption profile edited by the
      Third Generation Partnership Project (3GPP [2]).

   The attack surface for this specific scenario is not considered here."

Which hopefully covers this?

Sara

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



