FYI the below comments have all been accepted in my to-be-published -02 version.
Jari > -- Section 1 > > - Section 5 and 6 is missing from the document structure description. Is this > intentional? > > - OLD "updates to RFC 5448 AKA' and" > NEW "updates to RFC 5448 EAP-AKA' and" > > -- Section 3 > > - Some of the lines in Figure 1 are not correctly aligned > > -- Section 3.1 > > - OLD "distinghuishable" > NEW "distinguishable" > > -- Section 5 > > - OLD "the right type of identifiers are used" > NEW "the right type of identifiers is used" > > -- Section 5.2 > > - OLD "signalling" > NEW "signaling" (Other parts of the draft is US english, e.g. "authorized") > > -- Security Consideration > > I think the security considerations should be updated to be aligned with > current security and privacy practices. They security considerations need to > talk more about privacy and pervasive monitoring [RFC6973][RFC7258]. > > - The privacy issues when SUCI is not used should be described (i.e. passive > and/or active IMSI catchers are sniffing cellular identities to identify > and/or track users). The security considerations should probably also include > a strong recommendation to use SUCI. > > - The lack of perfect forward secrecy in EAP-AKA' and it's effects on > pervasive monitoring should be described, e.g. attacks on manufacturers of > SIM cards opening up for large scale pervasive monitoring and active attacks. > > -- Section 8.3 > > The table in Section 8.3 should be updated to refer to "this document" > instead to the to be obsoleted RFC 5448. > > -- Appendix E > > - OLD "Milenage" > NEW "MILENAGE" > > - The test vectors in case 1 and case 2 should be as beautifully aligned as > case 3 and case 4. > > Cheers, > John > > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
