Last Call Review of draft-ietf-tictoc-security-requirements-10
review-ietf-tictoc-security-requirements-10-genart-lc-romascanu-2014-07-14-00

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
please see the FAQ at



<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.



Please resolve these comments along with any other Last Call comments you may
receive.



Document:
https://datatracker.ietf.org/doc/draft-ietf-tictoc-security-requirements/

Reviewer: Dan Romascanu

Review Date: 7/14/14

IETF LC End Date: 7/16/14

IESG Telechat date:



Summary:



A well written, clear and useful document documenting the security threats and
the requirements on the deployment and activation of security protocols and
options in the context of the time protocols with focus on NTP and PTP. Ready
 with a few non-blocking issues.



Major issues:



None



Minor issues:

1.



I am wondering if section 5.4 ‘Availability’ says anything different from what
is already said in 5.1.3. which already talked about authentication of slaves
impact on availability

2.



Section 5.6.1 – ‘The cryptographic keys MUST be refreshed frequently’ – some
definition of or detail about ‘frequently’ is required to make this requirement
actionable



Nits/editorial comments:



1.



Title of section 5.1.2 is printed differently than other titles at the same
level of indent

2.



Section 5.2 – s/implemented/implemented

3.



Section 5.3 -  s/tamper with slaves’ delay computation/tamer with the slaves’
delay computation/

4.



Section 5.6.2 – Security Association has different meaning in other context. Is
not this section really about Association Protocol?

5.



Why is Summary of Requirements a separate section (6)?

6.



It looks to me that the references for NTPv4 and IEEE1588 should be Normative –
it does not make much sense to read this document without a fair understanding
of these.