Security Threats to Network-Based Localized Mobility Management (NETLMM)
draft-ietf-netlmm-threats-04

[Ballot comment]
Grammar nits from Gen-ART review by  Francis Dupont:
Section 3.1 page 8:

- can to trick -> can trick
- a variety of ... which make mouting -> makes? mounting
                                              ^    ^
  (if someone finds the answer for the grammar point in the web,
    can (s)he give a pointer? I've based my comment on French,
    perhaps English is different. BTW "a large number of" is plural
    without question).

[BC - I believe I could parse this text either way.
As written, "which" refers to "barriers"; if it was
"makes", then "which" would refer to "variety. Anyway,let's
leave it to the Editor.]

- both on-link and off-link -> either on-link or off-link?

[Ballot comment]
From the SecDire Review by Charles Clancy:
  >
  > Overall, I think the draft provides an exhaustive list of possible
  > security threats at every link in the chain.
  >
  > My biggest complaint with security analysis drafts of this nature is
  > that they don't put the threats into context of actual attacker goals.
  > In general, attackers don't want to inject traffic into some secured
  > link for the sake of doing it.  They do it because it facilitates some
  > larger goal, to include theft of network access, denial of access to
  > others, or compromise of confidential data.  Perhaps it's just a matter
  > of organization.  But, I think it would be useful to add a description
  > of some of these higher-level attacker goals, and how all the
  > already-described, very specific attacks can facilitate these larger
  > attacker goals.

AD review posted to the list:

I reviewed this draft and I found out that it
was well written, to the point, and as far as
I could see, complete. And free of idnits
problems.

Thanks.

The draft moves now forward.

WG chair's questionnaire:

1) Have the chairs personally reviewed this version of the ID and do
  they believe this ID is sufficiently baked to forward to the IESG
  for publication?

James Kempf and Phil Roberts have reviewed the document, and believe it is ready for publication

2) Has the document had adequate review from both key WG members and
  key non-WG members? Do you have any concerns about the depth or
  breadth of the reviews that have been performed?

We obtained two solicited reviews: Lakshimnath Dondeti and Vijay Devrapalli. The reviews were quite detailed. We had a few other short comments by WG members.

3) Do you have concerns that the document needs more review from a
  particular (broader) perspective (e.g., security, operational
  complexity, someone familiar with AAA, etc.)?

The document should have SAAG review because it is a security document. The IESG has expressed a desire to have this document submitted together with draft-ietf-netlmm-nohost-req, so that both the protocol requirements and security threats are reviewed together.
 
4) Do you have any specific concerns/issues with this document that
  you believe the ADs and/or IESG should be aware of? For example,
  perhaps you are uncomfortable with certain parts of the document,
  or whether there really is a need for it, etc., but at the same
  time these issues have been discussed in the WG and the WG has
  indicated it wishes to advance the document anyway.

No.
 
5) How solid is the WG consensus behind this document?  Does it
  represent the strong concurrence of a few individuals, with others
  being silent, or does the WG as a whole understand and agree with
  it?

We did not receive as much comment on this document as the others but that may be because it is a security document and fewer people have the interest or feel they have the expertiese to express an opinion. That said, the people in the WG who are security-knowledgable did express their opinions and their feedback has been incorporated into the document.

6) Has anyone threatened an appeal or otherwise indicated extreme
  discontent?  If so, please summarize what are they upset about.

No.
 
7) Have the chairs verified that the document adheres to _all_ of the
  ID nits?  (see http://www.ietf.org/ID-nits.html).

I ran it through the tools.ietf.org nits checker. It checked OK.

8) For Standards Track and BCP documents, the IESG approval
  announcement includes a writeup section with the following
  sections:

  - Technical Summary
  - Working Group Summary
  - Protocol Quality

  Please provide such a writeup. (We will hopefully use it as is, but
  may make some changes.) For recent examples, have a look at the
  "protocol action" announcements for approved documents.

  Note:

  - When doing the technical summary, one would expect that the
    relevant information is in the abstract and/or introduction of
    the document. It turns out that the step of producing the writeup
    sometimes points out deficiencies in the introduction/abstract
    that are also worthy of rectifying.

  - For the Working Group Summary, was there anything in WG process
    that is worth noting? (E.g., controversy about particular points,
    decisions where concensus was particularly rough, etc.)

  - For the protocol quality, useful information could include:

    - is the protocol already being implemented?

    - have a significant number of vendors indicated they plan to
      implement the spec?
 
    - are there any reviewers (during the end stages) that merit
      explicit mention as having done a thorough review that resulted
      in important changes or a conclusion that the document was fine
      (except for maybe some nits?)

This is not a standards track document.