Hi Barry,

> Barry Leiba has entered the following ballot position for
> draft-ietf-ipsecme-qr-ikev2-10: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-qr-ikev2/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Yes, an interesting document, and thanks for that.  A few editorial
> comments:
> 
> — Section 1 —
> 
>    to be quantum resistant, that is, invulnerable to an attacker with a
>    quantum computer.
> 
> “Invulnerable” isn’t the same as “not vulnerable”: it has a stronger
> connotation.  You should probably use “not vulnerable” or “resistant”
> instead.

OK, thanks.

>    By bringing post-
>    quantum security to IKEv2, this note removes the need to use
> 
> Make it “this document”, please.

OK.

>    This document does not replace the
>    authentication checks that the protocol does; instead, it is done as
>    a parallel check.
> 
> What’s the antecedent to “it”?  Should “it is” instead be “they are”?

I think it was meant that using PPK doesn't directly influence peer
authentication in IKEv2, but I agree that the wording is not clear enough.
It's probably better to rephrase it:

    This document does not replace the
    authentication checks that the protocol does; instead, they are 
    strengthened by using an additional secret key.

Is it better?

> — Section 3 —
> 
>    when the initiator believes it has a mandatory to use PPK
> 
> You need hyphens in “mandatory-to-use”.

OK.

Thank you,
Valery.

> 
> —
> 
> I also find it interesting that Alexey thought you needed to add a normative
> reference for “ASCII”, but not for “base64”.  Personally, I think both are
> sufficiently well known that you need neither.
> 


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec