Last Call Review of draft-ietf-abfab-arch-10
review-ietf-abfab-arch-10-secdir-lc-yu-2014-01-23-00

Request Review of draft-ietf-abfab-arch
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-01-17
Requested 2014-01-09
Draft last updated 2014-01-23
Completed reviews Genart Last Call review of -10 by Vijay Gurbani (diff)
Genart Telechat review of -12 by Vijay Gurbani (diff)
Secdir Last Call review of -10 by Taylor Yu (diff)
Secdir Telechat review of -12 by Taylor Yu (diff)
Assignment Reviewer Taylor Yu
State Completed
Review review-ietf-abfab-arch-10-secdir-lc-yu-2014-01-23
Reviewed rev. 10 (document currently at 13)
Review result Has Issues
Review completed: 2014-01-23

Review
review-ietf-abfab-arch-10-secdir-lc-yu-2014-01-23

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

Summary: ready with issues

The Security Considerations (section 5) appears incomplete.  The
next-to-last paragraph of the Security Considerations text is:

   Partial list of issues to be addressed in this section: Privacy,
   SAML, Trust Anchors, EAP Algorithm Selection, Diameter/RADIUS/AAA
   Issues, Naming of Entities, Protection of passwords, Channel Binding,
   End-point-connections (TLS), Proxy problems

The bulk of the Security Considerations adequately describes the
security properties of the different communication channels.  Section
4 is Privacy Considerations, so maybe just make a cross-reference to
it in Security Considerations?  If the other listed "to be addressed"
security considerations are already described elsewhere in the
document, possibly summarize them in section 5 and provide
cross-references?

The final paragraph of section 5 describes privacy considerations
related to reverse engineering of pseudonyms, but this text seems to
be logically disconnected from the rest of the section.  Maybe it
belongs in section 4?