
Early Review of draft-ietf-anima-brski-prm-05
review-ietf-anima-brski-prm-05-secdir-early-kaufman-2022-12-10-00

Request Review of draft-ietf-anima-brski-prm-05
Requested revision 05 (document currently at 12)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2022-12-24
Requested 2022-11-15
Requested by Toerless Eckert
Authors Steffen Fries , Thomas Werner , Eliot Lear , Michael Richardson
I-D last updated 2022-12-10
Completed reviews Secdir Early review of -10 by Charlie Kaufman (diff)
Secdir Early review of -05 by Charlie Kaufman (diff)
Yangdoctors Early review of -05 by Martin Björklund (diff)
Iotdir Early review of -05 by Marco Tiloca (diff)
Comments
This document is getting close to WGLC, and we would appreciate early review by the three above-listed directorates (security, IoT and YANG doctors) as, in our opinion, the most important ones.

The YANG doctor review is particularly important, because we would want to use this document as the spearhead for resolving our issue of augmenting rfc8366 YANG, and so far, the discussions we have had on netmod/anima with YANG experts have not led to a working suggestion. This problem applies to multiple ANIMA drafts intending to augment rfc8366 YANG, and if the solution is that we first need to fix up the rfc8366 YANG, e.g. via rfc8366bis or a differently fixed version of its YANG module, then this would become a new dependency for all those docs. The authors of this draft suggested that Jan Lindblad has been helpful on these types of issues in the past already, and he might be more familiar with them than other YANG doctors.

Thank you so much
    Toerless on behalf of ANIMA (chairs).
Assignment Reviewer Charlie Kaufman
State Completed
Request Early review on draft-ietf-anima-brski-prm by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/UIVjDb7bH4Nsdi3HqmOQfPfzysU
Reviewed revision 05 (document currently at 12)
Result Has nits
Completed 2022-12-05
Reviewer: Charlie Kaufman
Review result: Has nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This Standards Track ID extends a family of protocols for limited function
devices to obtain certificates from their surrounding environment with the
assistance of an on-line manufacturer's authority that can authenticate
information as coming from their device. It extends the BRSKI (RFC8995)
protocol to deal with devices that prefer to accept incoming initialization
requests rather than initiating outbound requests. It does this by defining a
new node called a "registrar-agent" that acts as a client to both the
to-be-registered "pledge" and the domain registrar.

The protocol is more elaborate than I would have thought necessary, but I could
find no problems with it.

Typos:
p1 "To establishment the" -> "To establish the"
p4 "In this scenarios it is" -> "In this scenario it is"
p5 "defined i this" -> "defined in this"
p8 "as describe in" -> "as described in"
p8 "it SHOULD initiate to that Registrar" --- initiate what? a request? a connection?
p9 "This operational parameters" -> "These operational parameters"
p9 "presume the" -> "presumes the"
p11 "constraint environments" -> "constrained environments"
p12 "endpoints were the" -> "endpoints where the"
p12 "endpoints were additional" -> "endpoints where additional"
p45 "a manufactures pledge" -> "a manufacturer's pledge"
p64 "on misusage" -> "of misuse"
p64 "an registrar-agent" -> "a registrar-agent"
p64 "rouge" -> "rogue"