Last Call Review of draft-ietf-ace-cmpv2-coap-transport-05
review-ietf-ace-cmpv2-coap-transport-05-secdir-lc-smyslov-2022-10-18-00
Request | Review of | draft-ietf-ace-cmpv2-coap-transport |
---|---|---|
Requested revision | No specific revision (document currently at 10) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2022-10-27 | |
Requested | 2022-10-13 | |
Authors | Mohit Sahni, Saurabh Tripathi | |
I-D last updated | 2022-10-18 | |
Completed reviews | Genart Last Call review of -05 by Meral Shirazipour (diff); Secdir Last Call review of -05 by Valery Smyslov (diff); Secdir Last Call review of -08 by Valery Smyslov (diff) | |
Assignment | Reviewer | Valery Smyslov |
State | Completed | |
Request | Last Call review on draft-ietf-ace-cmpv2-coap-transport by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/3ZI5lUN8P68JnjHTRB8iJQ648xY | |
Reviewed revision | 05 (document currently at 10) | |
Result | Has nits | |
Completed | 2022-10-18 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines the use of Constrained Application Protocol (CoAP) as a transport for the Certificate Management Protocol (CMP).

Nits:

1. I believe that the security considerations from RFC 6712 should be either echoed in this document (where applicable), or at least be referenced.

2. I think that Section 3 (Using CoAP over DTLS) should be moved to the Security Considerations section, or be referenced from there.

3. Section 5. I think that the sentence "The CoAP is vulnerable due to the connectionless characteristics of UDP itself." should either be expanded to explain what particular vulnerabilities are meant (because not all CoAP vulnerabilities are concerned with using UDP) or deleted.