I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at

<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-ietf-dime-erp-12.txt
Reviewer: Elwyn Davies
Review Date: 24 September 2012
IETF LC End Date: 24 September 2012
IESG Telechat date: (if known) -

Summary:
Almost ready for the IESG. There are some minor wording issues to sort out in s3, some advice on advertising domain names in s5 and possibly some extra words needed in the security considerations. In addition there a few minor nits.

Major issues:
None.

Minor issues:
s3: Both paragraphs use the phrase '...document assumes the existence of at most one...'. Does this really mean 'exactly one'? If not, what happens if there is exactly zero servers for either type? What would the consequences of there being more than one logical server? Is this tied into the statement in s4:
 The ER server is located either in the home domain (same as EAP
 server) or in the visited domain (same as authenticator, when it
 differs from the home domain).
This would seem to imply that the zero case means that it may not be essential to have an ER server in a domain.

S3, para 1:
 If multiple ER servers are deployed in the domain, we assume that
 they can be used interchangeably.
Are we talking physical servers here? If not please refer to the previous comment.

s5, para 1: How would the authenticator advertise the domain name in this context?

s13: Looking at the various security considerations that are imported, I wondered if some extra words were needed in respect of a couple of the cases: - s8.4 of RFC 4072: (does distributing the bootstrapping master key make things any worse here?) - s8 of RFC 6696 (does the DIME usage preserve the limited key scope?; is the domino effect equally well avoided?)

Nits/editorial comments:

s1: 'and re-use the Diameter EAP commands (DER/DEA).' : DER and DEA ought to be expanded here. Or it might be less verbose to point at s2 where they are currently expanded, thus: 'and re-use the Diameter EAP commands listed in Section 2.'

s2, para 2: Need to expand acronyms rRK and rDSRK.

s4, para 7: Should explicitly say that the ERP/DEA message is sent to the authenticator.

s8.3.3: s/RGC 6696/RFC 6696/


_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art

Reply via email to