[anonsec] WG-LC: draft-ietf-btns-prob-and-applic-04
Yu-Shun Wang
yushunwa at ISI.EDU
Thu Dec 14 12:26:03 PST 2006
Hi, Miika,
Thanks for the comments. Some answers inline...
Miika Komu wrote:
> On Wed, 6 Dec 2006, Julien Laganier wrote:
>> I finally managed to read the document, and I thought
>> it well written and ready to be sent to IESG.
>
> Agree. Some editorial nits below.
>
> I initially had some trouble understanding the loosely defined term
> "authentication" in the context of the draft, but I think it is now more
> clear. Particularly, the term "PKI" is mentioned quite late in the
> draft, which is IMHO connected to the authentication term and to the
> motivation of the whole draft.
Yes, these terms are used in the context of IPsec, which
I hope should be quite clear from the intro. But please
let me know if any of the specific usage in the text is
confusing.
As for PKI, I think this is the relevant text (bottom of page 2):
" Furthermore,
authenticated credentials such as certificates signed by
certification authorities (CA) can be cumbersome and expensive to
obtain.
"
I hope we can get away with it without explaining what PKI is
and the problems with PKI. But also feel free to comment and
suggest text. :-)
> HIP is mentioned in section 2.2.1 briefly. Perhaps you could also
> mention that HIP has implicit channel binding mechanisms and reference
> RFC4423, HIP base draft or draft-ietf-hip-applications-00. In addition,
> the claim "such modifications are, at best, temporary patches to the
> ubiquitous vulnerability to spoofing attacks" requires some further
> explanation at least in the context of HIP.
Agreed with HIP and channel binding part. But IMHO, these are
more subtle (you said "implicit" :-)) points that probably
should be covered in the CB doc for more details and comparison.
Also noted the second point on "temporary patches" re. HIP:
s/Such modifications/The TCP-specific modifications/
Would this work?
Thanks,
yushun