Re: [Emu] I-D Action: draft-ietf-emu-aka-pfs-00.txt

Sat, 03 Aug 2019 06:59:53 -0700 

Hi,

I read the whole document again. I think it is in a good shape. Some quick high 
level comments. I will do a more detailed review(s) later

- I think this should formally update rfc5448bis

- "This specification is an optional extension to the EAP-AKA'"

  While the extension is not mandatory, I think the draft should somewhere say 
that use of the
  extension is strongly recommended instead of just stating that it is optional.
 
 - "This specification is an optional extension to the EAP-AKA'
   authentication method which was defined in RFC 5448 (to be superseded
   by draft-ietf-emu-rfc5448bis)."

   With RFC5448bis almost done, I think this could be changed to

 - "This specification is an optional extension to the EAP-AKA'
   authentication method defined in draft-ietf-emu-rfc5448bis."

- "from being able to decrypt all past communications."

  True, but this could be more specificly described as

  "from being able to decrypt any past communications."

- " 3rd generation AKA "

  I don't think it is third gen AKA, rather 3G aka in the sense of AKA for 3G

- "When AKA (and AKA')"

  AKA' is not explained anywhere....

- "Perfect Forward Secrecy" vs. "Perfect Forward Security"
  
  Draft uses both. PFS is stated to stand for the Security version.
  I suggest only using one of them.

- Whould be good to say something small about active vs. passive attacks early.
  Just a few sentences that active attacks are much more resource demanding and
  can be detected.

- "This method is referred to as ECDHE"

  Could say "This method is referred to as ECDHE or ECDH-EE"
  TLS calls it ECDHE while some other IETF protocols call it ECDH-EE

- "i.e., using temporary keys"
  I suggest "using only temporary keys" to differentiate from ECDH-ES that use
  one static key pair and one ephemeral key pair.

-  "Curve25519 group specified in [RFC8031]."

  I think the group is specified in RFC 7748

- The draft should probably mention X25519 which is the name of the
  Diffie-Hellman function defined in RFC 7748. Curve25519 is the group.

- "as specified in Section 2 of [RFC8031] and Section 6.1 of [RFC7748]."

  Why refering to two different RFCs?

- The security considerations could say a little about detecting
  active attackers.

- "I-D.mattsson-eap-tls13" -> "I-D.ietf-emu-eap-tls13"

- "John Mattson" -> "John Mattsson"

- "SIM" vs. "USIM" vs. "(U)SIM"
 
  The document uses all three. Could maybe cut down to one or two.

Cheers,
John

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Reply via email to