Peter, thanks for reviewing this draft. It was a pleasure talking with you on the phone. Your suggestions were helpful.
We addressed all the issues you raised in the next draft, draft 18. Regards, Phil On Apr 14, 2010, at 3:32 PM, McCann Peter-A001034 wrote: > I have been selected as the General Area Review Team (Gen-ART) reviewer > for this draft (for background on Gen-ART, please see > http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). > > Please resolve these comments along with any other Last Call comments > you may receive. > > Document: draft-zimmerman-avt-zrtp-17 > Reviewer: Pete McCann > Review Date: 2010-04-14 > IETF LC End Date: 2010-04-14 > IESG Telechat date: unknown > > Summary: Ready > > Major issues: none > > Minor issues: > > Does the presence of the "Error" message open a denial-of-service > attack? > It is not protected by the hash image technique described in Section 9. > > Section 4.5.2: > ExportedKey = KDF(s0, "Exported key", KDF_Context, negotiated hash > length) > Do we need to include an additional string parameter giving the name > of the application that will use the exported key? That would provide > cryptographic separation when different applications each need their > own key. Perhaps you would give ExportedKey to the operating system > and provide a new KDF that could be used by applications that have been > authenticated by name by the OS and which then include the application > name in the key derivation. Maybe add some text here? > > Nits/editorial comments: > > Section 4.1.1: > expected be > SHOULD BE: > expected to be > > Section 4.4.2.3: > would then proceeds > SHOULD BE: > would then proceed > > Section 5.7: > keyed hash over encrypted part > SHOULD BE: > keyed hash over the encrypted part > > Section 10: > consider a audio > SHOULD BE: > consider an audio > > > > > Good stuff! > > -Pete ------------------------------------------------ Philip R Zimmermann [email protected] (spelled with 2 n's) http://philzimmermann.com tel +1 831 425-7524 http://zfone.com _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
