Last Call Review of draft-farrell-perpass-attack-02
review-farrell-perpass-attack-02-secdir-lc-montville-2013-12-19-00

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

In my opinion, the draft is ready.  The draft does a good job explaining
pervasive monitoring, why pervasive monitoring is considered an attack, and
that the IETF will *continue* to mitigate the effects of such an attack where
possible.  I found it easy enough to follow and particularly good at removing
politics from the equation.

If I had any criticism at all, it would be that the draft doesn't convey that
privacy is security as it pertains to a particular type of information (replace
personally identifying information with credit card data, and you've got
something more like PCI security).  To those unfamiliar with security and/or
privacy, this point might be made clearer either in a draft like this or in
something like RFC6973 (and it may be covered well there).

 Like I said, though, I think the draft is ready.

Regards,

Adam