I have been selected as the General Area Review Team (Gen-ART) reviewer
for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-zimmerman-avt-zrtp-17
Reviewer: Pete McCann
Review Date: 2010-04-14
IETF LC End Date: 2010-04-14
IESG Telechat date: unknown

Summary: Ready

Major issues: none

Minor issues:

Does the presence of the "Error" message open a denial-of-service
attack?
It is not protected by the hash image technique described in Section 9.

Section 4.5.2:
      ExportedKey = KDF(s0, "Exported key", KDF_Context, negotiated hash length)
Do we need to include an additional string parameter giving the name
of the application that will use the exported key?  That would provide
cryptographic separation when different applications each need their
own key.  Perhaps you would give ExportedKey to the operating system
and provide a new KDF that could be used by applications that have been
authenticated by name by the OS and which then include the application
name in the key derivation.  Maybe add some text here?

Nits/editorial comments:

Section 4.1.1:
   expected be
SHOULD BE:
   expected to be

Section 4.4.2.3:
   would then proceeds
SHOULD BE:
   would then proceed

Section 5.7:
   keyed hash over encrypted part
SHOULD BE:
   keyed hash over the encrypted part

Section 10:
   consider a audio
SHOULD BE:
   consider an audio




Good stuff!

-Pete
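
The per-application derivation suggested in the Section 4.5.2 comment, sketched as an added example (not part of the original review or the draft). It assumes a single-iteration NIST SP 800-108 counter-mode HMAC construction for KDF; the "Application key" label, the `app_key` helper, the application names and the input values are hypothetical or constructed.

```python
import hashlib
import hmac
import struct


def kdf(ki: bytes, label: bytes, context: bytes, length_bits: int,
        hash_name: str = "sha256") -> bytes:
    """Assumed KDF form: HMAC(KI, i || Label || 0x00 || Context || L),
    with i = 1 and L as 32-bit big-endian integers, truncated to L bits."""
    digest_bits = hashlib.new(hash_name).digest_size * 8
    if length_bits % 8 or not 0 < length_bits <= digest_bits:
        raise ValueError("length must be whole bytes and at most one hash output")
    if b"\x00" in label:
        raise ValueError("label must not contain the 0x00 separator")
    data = (struct.pack(">I", 1) + label + b"\x00" + context
            + struct.pack(">I", length_bits))
    return hmac.new(ki, data, hash_name).digest()[: length_bits // 8]


def app_key(exported_key: bytes, app_name: str, length_bits: int = 256) -> bytes:
    """Hypothetical second-stage derivation: the holder of ExportedKey (for
    example the OS) binds each authenticated application's name into the
    derivation, so no application learns ExportedKey or another app's key."""
    name = app_name.encode("utf-8")
    if not name:
        raise ValueError("application name must not be empty")
    # The name is the only variable field, placed between the 0x00 separator
    # and the fixed-width length, so two different names can never produce
    # the same HMAC input.
    return kdf(exported_key, b"Application key", name, length_bits)


if __name__ == "__main__":
    s0 = bytes(range(32))                  # constructed stand-in for s0
    kdf_context = b"constructed-context"   # constructed stand-in for KDF_Context
    exported = kdf(s0, b"Exported key", kdf_context, 256)
    for app in ("voicemail", "file-transfer"):   # hypothetical application names
        print(app, app_key(exported, app).hex())
```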