
Last Call Review of draft-baker-ietf-core-
review-baker-ietf-core-secdir-lc-kaufman-2011-01-10-00

Request
Review of: draft-baker-ietf-core
Requested revision: No specific revision (document currently at 15)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2011-01-05
Requested: 2010-12-16
Authors: Fred Baker, David Meyer
I-D last updated: 2011-01-10
Completed reviews:
  Secdir Early review of -?? by Charlie Kaufman
  Tsvdir Last Call review of -?? by Rolf Winter
  Secdir Last Call review of -?? by Charlie Kaufman

Assignment
Reviewer: Charlie Kaufman
State: Completed
Request: Last Call review on draft-baker-ietf-core by Security Area Directorate Assigned
Completed: 2011-01-10

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

I don’t know the back story on this document. It is an individual submission, I
assume targeting Informational status. The title is “Internet Protocols for the
Smart Grid”. I didn’t immediately know what “Smart Grid” referred to, and the
document assumes the reader already knows, but a quick web search says that
current usage is for an upgrade to the electrical power grid supporting
innovations like having large numbers of small providers and intelligently
managing load (i.e. turning off low priority devices under conditions of peak
load) so that we don’t need to provision for peak loads so much larger than
average loads.

Most of this document has little to do with the Smart Grid. It is largely an
overview of the Internet Protocol Suite referencing the relevant RFCs for
details. I would have thought that such an overview would already exist, but my
quick search of RFCs did not find one. This would be a handy document to be
able to point newbies at, though this title might dissuade them. It’s possible
that this overview leaves out broad swaths of IETF work on the theory that it
would be irrelevant to Smart Grid designers, but such filtering was not
obvious.

The part of this document that is about the Smart Grid is Appendix A, which
speculates on several ways the Smart Grid might take advantage of Internet
technology. I would hope that the people designing the Smart Grid would be
familiar with the Internet Protocol Suite, but perhaps I’m being naïve.

Security is one of the most important challenges designers of a Smart Grid will
face, and this document emphasizes parts of the Internet Protocol Suite that
provide security and that might be applicable (i.e. IPsec, TLS, XML-DSIG, and
S/MIME). [Note: I believe a reference to CMS would be more useful than the
indirect references to it via S/MIME]. It does not address (that I saw) the
fact that since the Smart Grid is a real time control system, dealing
effectively with Denial of Service attacks will be particularly important in
this context. While a lot of work has gone into QoS guarantees on the Internet,
my impression is that most of that work is not standardized. The fact that the
use of the power grid as a networking mechanism appears to target non-general
purpose use (i.e. it does not appear anyone is planning to run on-demand video
over it) makes it plausible that this problem is solvable.

Because this document does not propose a specific protocol, it has only a token
“Security Considerations” section (that notes that security is discussed in
some other sections). That seems appropriate to me.

I noted a couple of typos:

P50 next to last line: “a distributed application in a set collectors” -> ???

P52 first line: unbalanced quotes.