Last Call Review of draft-ietf-tictoc-security-requirements-10
review-ietf-tictoc-security-requirements-10-genart-lc-romascanu-2014-07-14-00
Request | Review of | draft-ietf-tictoc-security-requirements |
---|---|---|
Requested revision | No specific revision (document currently at 12) | |
Type | Last Call Review | |
Team | General Area Review Team (Gen-ART) (genart) | |
Deadline | 2014-07-16 | |
Requested | 2014-07-03 | |
Authors | Tal Mizrahi | |
I-D last updated | 2014-07-14 | |
Completed reviews |
Genart Last Call review of -10
by Dan Romascanu
(diff)
Genart Telechat review of -11 by Dan Romascanu (diff) Secdir Early review of -05 by Shawn M Emery (diff) Secdir Last Call review of -10 by Shawn M Emery (diff) |
|
Assignment | Reviewer | Dan Romascanu |
State | Completed | |
Request | Last Call review on draft-ietf-tictoc-security-requirements by General Area Review Team (Gen-ART) Assigned | |
Reviewed revision | 10 (document currently at 12) | |
Result | Ready w/nits | |
Completed | 2014-07-14 |
review-ietf-tictoc-security-requirements-10-genart-lc-romascanu-2014-07-14-00
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at < http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please resolve these comments along with any other Last Call comments you may receive. Document: https://datatracker.ietf.org/doc/draft-ietf-tictoc-security-requirements/ Reviewer: Dan Romascanu Review Date: 7/14/14 IETF LC End Date: 7/16/14 IESG Telechat date: Summary: A well written, clear and useful document documenting the security threats and the requirements on the deployment and activation of security protocols and options in the context of the time protocols with focus on NTP and PTP. Ready with a few non-blocking issues. Major issues: None Minor issues: 1. I am wondering if section 5.4 ‘Availability’ says anything different from what is already said in 5.1.3. which already talked about authentication of slaves impact on availability 2. Section 5.6.1 – ‘The cryptographic keys MUST be refreshed frequently’ – some definition of or detail about ‘frequently’ is required to make this requirement actionable Nits/editorial comments: 1. Title of section 5.1.2 is printed differently than other titles at the same level of indent 2. Section 5.2 – s/implemented/implemented 3. Section 5.3 - s/tamper with slaves’ delay computation/tamer with the slaves’ delay computation/ 4. Section 5.6.2 – Security Association has different meaning in other context. Is not this section really about Association Protocol? 5. Why is Summary of Requirements a separate section (6)? 6. It looks to me that the references for NTPv4 and IEEE1588 should be Normative – it does not make much sense to read this document without a fair understanding of these.