Telechat Review of draft-ietf-bmwg-ipsec-meth-
review-ietf-bmwg-ipsec-meth-secdir-telechat-salowey-2009-10-22-00
Request | Review of | draft-ietf-bmwg-ipsec-meth |
---|---|---|
Requested revision | No specific revision (document currently at 05) | |
Type | Telechat Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2009-11-05 | |
Requested | 2009-10-16 | |
Authors | Merike Kaeo, Tim Van Herck | |
I-D last updated | 2009-10-22 | |
Completed reviews | Secdir Telechat review of -?? by Joseph A. Salowey | |
Assignment | Reviewer | Joseph A. Salowey |
State | Completed | |
Request | Telechat review on draft-ietf-bmwg-ipsec-meth by Security Area Directorate Assigned | |
Completed | 2009-10-22 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The document seems useful and well written. I have two comments:

1) The AES transforms are SHOULD, it seems we should be moving towards a MUST for these ciphers. Why are they a SHOULD? Is it because of the base IPSEC documents? If SHOULD is what is really wanted I think it would be good to have some explanation of why and how/if things are expected to evolve over time.

2) The security considerations section says there are no security considerations associated with this document. Yet the document has a section on denial of service attacks. It seems the security considerations section should acknowledge that these tests may provide some useful information about the expected of DOS attacks on the performance of the device or system under test. It would be great if it could say a bit more about the useful information collected, but that may be beyond the scope of the document.

Cheers,

Joe