Skip to main content

Last Call Review of draft-farrell-perpass-attack-02

Request Review of draft-farrell-perpass-attack
Requested revision No specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-12-31
Requested 2013-12-05
Authors Stephen Farrell , Hannes Tschofenig
I-D last updated 2013-12-19
Completed reviews Genart Last Call review of -03 by Scott W. Brim (diff)
Genart Last Call review of -04 by Scott W. Brim (diff)
Genart Telechat review of -05 by Scott W. Brim (diff)
Secdir Last Call review of -02 by Adam W. Montville (diff)
Opsdir Last Call review of -03 by Dan Romascanu (diff)
Assignment Reviewer Adam W. Montville
State Completed
Review review-farrell-perpass-attack-02-secdir-lc-montville-2013-12-19
Reviewed revision 02 (document currently at 06)
Result Ready
Completed 2013-12-19
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

In my opinion, the draft is ready.  The draft does a good job explaining
pervasive monitoring, why pervasive monitoring is considered an attack, and
that the IETF will *continue* to mitigate the effects of such an attack where
possible.  I found it easy enough to follow and particularly good at removing
politics from the equation.

If I had any criticism at all, it would be that the draft doesn't convey that
privacy is security as it pertains to a particular type of information (replace
personally identifying information with credit card data, and you've got
something more like PCI security).  To those unfamiliar with security and/or
privacy, this point might be made clearer either in a draft like this or in
something like RFC6973 (and it may be covered well there).

 Like I said, though, I think the draft is ready.