Last Call Review of draft-baker-ietf-core-
review-baker-ietf-core-secdir-lc-kaufman-2011-01-10-00

Request Review of draft-baker-ietf-core
Requested rev. no specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-01-05
Requested 2010-12-16
Draft last updated 2011-01-10
Completed reviews Secdir Early review of -?? by Charlie Kaufman
Tsvdir Last Call review of -?? by Rolf Winter
Secdir Last Call review of -?? by Charlie Kaufman
Assignment Reviewer Charlie Kaufman
State Completed
Review review-baker-ietf-core-secdir-lc-kaufman-2011-01-10
Review completed: 2011-01-10

Review
review-baker-ietf-core-secdir-lc-kaufman-2011-01-10






I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document
 editors and WG chairs should treat these comments just like any other last call comments.




 




I don’t know the back story on this document. It is an individual submission, I assume targeting Informational status. The title is “Internet Protocols for the Smart Grid”. I didn’t immediately know what “Smart Grid” referred to, and the
 document assumes the reader already knows, but a quick web search says that current usage is for an upgrade to the electrical power grid supporting innovations like having large numbers of small providers and intelligently managing load (i.e. turning off low
 priority devices under conditions of peak load) so that we don’t need to provision for peak loads so much larger than average loads.




 




Most of this document has little to do with the Smart Grid. It is largely an overview of the Internet Protocol Suite referencing the relevant RFCs for details. I would have thought that such an overview would already exist, but my quick
 search of RFCs did not find one. This would be a handy document to be able to point newbies at, though this title might dissuade them. It’s possible that this overview leaves out broad swaths of IETF work  on the theory that it would be irrelevant to Smart
 Grid designers, but such filtering was not obvious.




 




The part of this document that is about the Smart Grid is Appendix A, which speculates on several ways the Smart Grid might take advantages of Internet technology. I would hope that the people designing the Smart Grid would be familiar
 with the Internet Protocol Suite, but perhaps I’m being naïve.




 




Security is one of the most important challenges designers of a Smart Grid will face, and this document emphasizes parts of the Internet Protocol Suite that provide security and that might be applicable (i.e. IPsec, TLS, XML-DSIG, and S/MIME).
 [Note: I believe a reference to CMS would be more useful than the indirect references to it via S/MIME]. It does not address (that I saw) the fact that since the Smart Grid is a real time control system, dealing effectively with Denial of Service attacks will
 be particularly important in this context. While a lot of work has gone into QoS guarantees on the Internet, my impression is that most of that work is not standardized. The fact that the use of the power grid as a networking mechanism appears to target non-general
 purpose use (i.e. it does not appear anyone is planning to run on-demand video over it) makes it plausible that this problem is solvable.




 




Because this document does not propose a specific protocol, is has only a token “Security Considerations” section (that notes that security is discussed in some other sections). That seems appropriate to me.




 




I noted a couple of typos:




 




P50 next to last line: “a distributed application in a set collectors” -> ???




 




P52 first line: unbalanced quotes.