Last Call Review of draft-ietf-6tisch-architecture-21
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready with nits. The review deadline for this was really short, so I didn't have a chance to read this as closely as I would have liked. That said, from skimming the document and reading the sections that looked most interesting, it looks pretty good. The security considerations section covers what I expected it to. I have only one question/concern: Sections 4.2.1 and 4.3.4 talk about the security of joining a network, and time synchronization, respectively. Do any of the security mechanisms in 4.2.1 rely on having an accurate clock? (E.g., to distrust old/expired keys.) Is time synchronization done before the join process, and is there any way to exploit time synchronization in order to cause a node to join a malicious network?