Last Call Review of draft-farrell-perpass-attack-02

Request Review of draft-farrell-perpass-attack
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-12-31
Requested 2013-12-05
Other Reviews Genart Last Call review of -03 by Scott Brim (diff)
Genart Last Call review of -04 by Scott Brim (diff)
Genart Telechat review of -05 by Scott Brim (diff)
Opsdir Last Call review of -03 by Dan Romascanu (diff)
Review State Completed
Reviewer Adam Montville
Review review-farrell-perpass-attack-02-secdir-lc-montville-2013-12-19
Posted at
Reviewed rev. 02 (document currently at 06)
Review result Ready
Draft last updated 2013-12-19
Review completed: 2013-12-19


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

In my opinion, the draft is ready.  The draft does a good job explaining pervasive monitoring, why pervasive monitoring is considered an attack, and that the IETF will *continue* to mitigate the effects of such an attack where possible.  I found it easy enough to follow and particularly good at removing politics from the equation.

If I had any criticism at all, it would be that the draft doesn't convey that privacy is security as it pertains to a particular type of information (replace personally identifying information with credit card data, and you've got something more like PCI security).  To those unfamiliar with security and/or privacy, this point might be made clearer either in a draft like this or in something like RFC6973 (and it may be covered well there). 

 Like I said, though, I think the draft is ready.