Francesca, thanks for your review. All, thanks for addressing Francesca’s comments. I entered a No Objection ballot but I think there is more to say about the privacy implications of origids — to be discussed in the thread about Eric’s ballot.
Thanks, Alissa > On Nov 2, 2018, at 12:14 PM, Francesca Palombini > <francesca.palomb...@ericsson.com> wrote: > > Reviewer: Francesca Palombini > Review result: Ready with Issues > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-ietf-stir-passport-shaken-04 > Reviewer: Francesca Palombini > Review Date: 2018-11-02 > IETF LC End Date: 2018-11-02 > IESG Telechat date: Not scheduled for a telechat > > Summary: This draft is on the right track but has open issues, described in > the > review. > > Major issues: > > * This draft defines the new claim "origid" for the Personal Attestation Token > used in the SHAKEN framework, but does not give any privacy considerations > about it and its use. [RFC6973] suggests that the privacy considerations of > IETF protocols be documented. As required by [RFC7258], work on IETF protocols > needs to consider the effects of pervasive monitoring and mitigate them when > possible. I don't know SHAKEN well enough to comment on privacy issues on > that, > but this draft, as part of the IETF work, should have privacy considerations, > particularly considering the "origid" claim. > > Minor issues: > > * Section 4: the term "verified association" is not defined in this document, > nor in [RFC8225], nor in the SHAKEN spec referenced. Is there a way to clarify > what is meant by it? It could be a reference. > > Nits/editorial comments: > > * Terminology: I would have appreciated a short sentence mentioning [RFC8225] > in the Terminology section. > > * Section 9: [RFC8224] appears without link. > > * Acknowledgements: "The authors would like > acknowledge the work of the ATIS/SIP Forum IP-NNI Task Force to > develop the concepts behind this document." -> The authors would like to > acknowledge ... > > I do not repeat nits and editorials reported by Adam Roach in his review of > this version of the document (11-19-2018, > https://mailarchive.ietf.org/arch/msg/stir/HxVSCLPGfSgwFuvqLkWSVNI0PtQ ) > > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www.ietf.org/mailman/listinfo/gen-art _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art
