Re: [Gen-art] Gen Art LC review of: draft-turner-ecprivatekey-02.txt

Thu, 14 Jan 2010 06:33:44 -0800 

Avashalom,

Thanks for the review. Responses below.

spt

Avshalom Houri wrote:

I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see _
__http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html_).

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-turner-ecprivatekey-02.txt
Reviewer: Avshalom Houri
Review Date: 2010-01-14
IETF LC End Date: 2010-01-14
IESG Telechat date: (if known)
Summary: The draft is ready for publication as an informational RFC. See nits. 

Major issues: None

Minor issues:  None

Nits/editorial comments:

Lines 142-145
     As specified in [RFC5480], only the namedCurve
     CHOICE, which is an object identifier that fully identifies the
     required values for a particular set of elliptic curve domain
     parameters, is permitted.

Sentence is hard to read.


How about:
As specified in [RFC5480], only the namedCurve CHOICE is permitted. namedCurve is an object identifier that fully identifies the required values for a particular set of elliptic curve domain parameters. 


Lines 145-146
Though the ASN.1 indicates parameters is OPTIONAL,
-> Though the ASN.1 indicates that the parameter parameters is OPTIONAL,


How about:

Though the ASN.1 indicates that the parameters field is OPTIONAL,


Line 196
masquerades
-> Not sure that this is the right term. Probably identity-theft or similar should be used.
Masquerade is a generic term that covers one entity pretending to be another entity. Identity-theft to me is a little too specific to signature keys that I think might not entirely fit this because EC keys aren't just used for identity. Disclosure of the private key is pretty catastrophic so maybe I should just list more things that could happen:
Disclosure of the private-key material to another entity can lead to active and passive attacks including: masquerade, unauthorized disclosure, and unauthorized modification. 
_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art

Reply via email to