Skip to main content

Early Review of draft-ietf-anima-brski-prm-05
review-ietf-anima-brski-prm-05-secdir-early-kaufman-2022-12-10-00

Request Review of draft-ietf-anima-brski-prm-05
Requested revision 05 (document currently at 15)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2022-12-24
Requested 2022-11-15
Requested by Toerless Eckert
Authors Steffen Fries , Thomas Werner , Eliot Lear , Michael Richardson
I-D last updated 2022-12-10
Completed reviews Secdir Early review of -10 by Charlie Kaufman (diff)
Secdir Early review of -05 by Charlie Kaufman (diff)
Yangdoctors Early review of -05 by Martin Björklund (diff)
Iotdir Early review of -05 by Marco Tiloca (diff)
Comments
This document is getting close to WGLC, and we would appreciate early review of the three above listed directorates (security, IoT and YANG doctors) as the in our opinion most important ones.

The YANG doctor review is particularily important, because we would want to use this document as the spearhead for resolving our issue of augmenting rfc8366 YANG, and so far, the discussions we have on netmod/anima with YANG experts have not lead to a working suggestion. This problem applies to multiple ANIMA drafts intending to augment rfc8366 YANG, and if the solution is that we first need to fix up the rfc8366 YANG, e.g.: via rfc8366bis or a differently fixed version of its YANG module, then this would become a new dependency for all those doc. The authors of this draft suggested that Jan Lindblad has been helpful on these type of issues in the past already, and he might be more familiar with them than other YANG doctors.

Thank you so much
    Toerless on behalf of ANIMA (chairs).
Assignment Reviewer Charlie Kaufman
State Completed
Request Early review on draft-ietf-anima-brski-prm by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/UIVjDb7bH4Nsdi3HqmOQfPfzysU
Reviewed revision 05 (document currently at 15)
Result Has nits
Completed 2022-12-05
review-ietf-anima-brski-prm-05-secdir-early-kaufman-2022-12-10-00
Reviewer: Charlie Kaufman
Review result: Has nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

This Standards Track ID extends a family of protocols for limited function
devices to obtain certificates from their surrounding environment with the
assistance of an on-line manufacturer's authority that can authenticate
information as coming from their device. It extends the BRSKI (RFC8995)
protocol to deal with devices that prefer to accept incoming initialization
requests rather than initiating outbound requests. It does this be defining a
new node called a "registrar-agent" that acts as a client to both the
to-be-registered "pledge" and the domain registrar.

The protocol is more elaborate that I would have thought necessary, but I could
find no problems with it.

Typos:
p1 "To establishment the" -> "To establish the"
p4 "In this scenarios it is" -> "In this scenario it is"
p5 "defined i this" -> "defined in this"
p8 "as describe in" -> "as described in"
p8 "it SHOULD initiate to that Registrar" --- initiate what? a request? a
connection? p9 "This operational parameters" -> "These operational parameters"
p9 "presume the" -> "presumes the" p11 "constraint environments" ->
"constrained environments" p12 "endpoints were the" -> "endpoints where the"
p12 "endpoints were additional" -> "endpoints where additional" p45 "a
manufactures pledge" -> "a manufacturer's pledge" p64 "on misusage" -> "of
misuse" p64 "an registrar-agent" -> "a registrar-agent" p64 "rouge" -> "rogue"