Hi, Phil, All of my concerns are taken care of in the new draft, and the other changes look to me like improvements too. Good luck with the rest of the publication process.
-Pete Philip Zimmermann wrote: > Peter, thanks for reviewing this draft. It was a pleasure talking > with you on the phone. Your suggestions were helpful. > > We addressed all the issues you raised in the next draft, draft 18. > > Regards, > Phil > > On Apr 14, 2010, at 3:32 PM, McCann Peter-A001034 wrote: > >> I have been selected as the General Area Review Team (Gen-ART) >> reviewer for this draft (for background on Gen-ART, please see >> http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). >> >> Please resolve these comments along with any other Last Call >> comments you may receive. >> >> Document: draft-zimmerman-avt-zrtp-17 >> Reviewer: Pete McCann >> Review Date: 2010-04-14 >> IETF LC End Date: 2010-04-14 >> IESG Telechat date: unknown >> >> Summary: Ready >> >> Major issues: none >> >> Minor issues: >> >> Does the presence of the "Error" message open a denial-of-service >> attack? It is not protected by the hash image technique described in >> Section 9. >> >> Section 4.5.2: >> ExportedKey = KDF(s0, "Exported key", KDF_Context, negotiated >> hash length) Do we need to include an additional string >> parameter giving the name of the application that will use the >> exported key? That would provide cryptographic separation when >> different applications each need their own key. Perhaps you would >> give ExportedKey to the operating system and provide a new KDF that >> could be used by applications that have been authenticated by name >> by the OS and which then include the application name in the key >> derivation. Maybe add some text here? >> >> Nits/editorial comments: >> >> Section 4.1.1: >> expected be >> SHOULD BE: >> expected to be >> >> Section 4.4.2.3: >> would then proceeds >> SHOULD BE: >> would then proceed >> >> Section 5.7: >> keyed hash over encrypted part >> SHOULD BE: >> keyed hash over the encrypted part >> >> Section 10: >> consider a audio >> SHOULD BE: >> consider an audio >> >> >> >> >> Good stuff! >> >> -Pete > > ------------------------------------------------ > Philip R Zimmermann [email protected] > (spelled with 2 n's) http://philzimmermann.com > tel +1 831 425-7524 http://zfone.com _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
