(testing. first time using the new website tool) Hi all, Sorry for being late due to vacation. Here is my review. I have reviewed /draft-harkins-owe-06 as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. “This memo specifies an extension to IEEE Std 802.11 to provide for opportunistic (unauthenticated) encryption to the wireless media.” My overall view of the document is 'Ready with nits' for publication. Some small ones: **** Technical **** * Section 1, page 1: > Opportunistic Wireless Encryption “Opportunistic” is an odd word in this context the common English definition is “to do at every opportunity” i.e. “whenever you can” if this is the 6th draft it may be understood, but will raise questions about when to apply it and when not to apply it. * Section 1.3, page 3: > As the name implies, OWE provides opportunistic encryption, or > encryption of traffic without authentication of endpoints. OWE was > presented to the IEEE 802.11 Working Group for consideration but an > "all or nothing" approach to cryptographic protection has been > adopted by that body, and OWE is a stop in between "all" and > "nothing". Here explains the opportunity is defined by un-authenticated endpoints this may define the title better but could lead to claims of once hacked synthetic or hidden data for the hackers benefit is offered. * Section 2, page 4: Seems to contradict the sentence in 1.3; Implying the AP is trusted at least by SSID. Clause 1.3 appears not totally correct. * Section 3, page 5: This section makes sense to me but confirms it is not totally opportunistic. As it is only applied when the SSID and BSSID are confirmed and either open (not encrypted) or not fully trusted (or the encryption may be known). Seems to contradict the sentence in 1.3. Clause 1.3 appears need to say a bit more, it only to ask the reader to read sections 2 & 3. The technical details seem correct; It may protect against hacker eavesdropping. This does not protect against AP spoofing or piggy-in-the-middle attacks. It makes authorized eavesdropping harder. So once the AP is copied it may be harder to find the culprit. Good business should change the public SSID regularly or employ layer 3 end-to-end encryption. **** Editorial **** * Section 4.4, page 8: s/concatentation/concatenation/ * Section 7, page 10: s/wirless/wireless/ Regards, Will