From: Bernard Aboba [mailto:firstname.lastname@example.org]
Sent: Tuesday, May 31, 2011 8:48 PM
To: Romascanu, Dan (Dan); email@example.com
Subject: RE: AD review of draft-ietf-radext-crypto-agility-requirements-06.txt
> T1. I am a little concerned by the fact that the second paragraph of
> section 1.2 speaks in terms of 'compliance', 'unconditional compliance'
> and 'conditional compliance' with 'this specification' which is actually
> an Informational document. Is this really needed? We tend to avoid such
> strict language in IETF documents.
[BA] This language appears to be boilerplate in AAA requirements RFCs and BCPs (see RFC 2989 Section 1.1, RFC 4962 Section 1.1, etc.)
> T3. Also in section 4.2 I see the following:
> In addition to the goals referred to above, [RFC4962] Section 2
> describes additional security requirements, which translate into the
> following requirements for RADIUS crypto-agility solutions:
> It may be my understanding but I could not find in section 2 of
> [RFC4962] the requirements that translate into 'strong, fresh, session
> key' and 'Limit key scope'. Can you explain to me what I am missing?
[BA] Looks like a typo -- should this refer to Section 3?
[[DR]] Yes – please correct.