Last Call Review of draft-ietf-avtcore-monarch-
review-ietf-avtcore-monarch-secdir-lc-tsou-2012-08-10-00

Hello,

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

Draft-ietf-avtcore-monarch-17 as a whole provides useful advice.
There are a number of editorial nits that will be provided to the authors in a
separate E-mail.

Unfortunately, the Security Considerations section fails to appreciate both the
more nuanced view and the contradiction exhibited by the same section of RFC
3611, to which it refers. On the one hand, the measurements reported in XR
blocks could be sensitive and one might wish to provide them with
confidentiality. On the other hand, intermediate parties may have legitimate
reasons to view the measurements, so that end-to-end encryption is not always
desirable.

It would be helpful for this document to discuss the trust models that might be
encountered in operation, and how confidentiality and authorized usage could
co-exist within these models. Of course, it may be legitimate to conclude that
under some circumstances such coexistence may be impossible, and local policy
may therefore be either to suppress the measurements or accept the consequences
of their disclosure.

Tina