
Last Call Review of draft-ietf-core-etch-02
review-ietf-core-etch-02-secdir-lc-hallam-baker-2016-09-08-00

Request
Review of: draft-ietf-core-etch
Requested revision: No specific revision (document currently at 04)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2016-09-07
Requested: 2016-08-25
Authors: Peter Van der Stok, Carsten Bormann, Anuj Sehgal
I-D last updated: 2016-09-08
Completed reviews:
  Genart Last Call review of -02 by Christer Holmberg (diff)
  Secdir Last Call review of -02 by Phillip Hallam-Baker (diff)
  Opsdir Last Call review of -02 by Sheng Jiang (diff)

Assignment
Reviewer: Phillip Hallam-Baker
State: Completed
Request: Last Call review on draft-ietf-core-etch by Security Area Directorate Assigned
Reviewed revision: 02 (document currently at 04)
Result: Has issues
Completed: 2016-09-08
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.



Summary: Ready with one minor issue

The only problem I had was working out what the authors meant by idempotent
because the term is unfortunately used to mean different things. So the fact it
is being used correctly here doesn't necessarily help the reader.

The term is explained in RFC 7252 but doesn't have an entry in the terms and
definitions section. Where it is explained (sec 5.4) the explanation is
consistent with HTTP practice. But I think it would help a lot if, besides
describing the effect of doing the operation repeatedly, it was stated that
the effect is that message replay doesn't have an effect.

Since it isn't defined in the RFC 7252 terms and definitions, it needs an entry
in this draft and there should probably be an erratum on RFC 7252 so that it can
be fixed on the next rev.

It would be useful to point that out in the security considerations section as
well.
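
The relationship between idempotence and message replay raised in the review, as an added example (it is not part of the review, RFC 7252 or the draft). It models a server's resource state with constructed requests; `apply`, `run` and `replay_changes_state` are hypothetical names, and the append behaviour given to POST is an assumption chosen only to be non-idempotent. It goes one step further than the review's wording by also checking a replay that arrives after a later update.

```python
# Constructed model of a CoAP-style resource store, for illustration only.
# Method semantics follow RFC 7252: PUT and DELETE are idempotent, POST is not.

def apply(state, request):
    """Return the state after the server processes one (method, path, payload)."""
    method, path, payload = request
    new = dict(state)
    if method == "PUT":
        new[path] = payload                       # sets the representation
    elif method == "POST":
        new[path] = new.get(path, "") + payload   # assumed behaviour: append
    elif method == "DELETE":
        new.pop(path, None)
    else:
        raise ValueError("unsupported method: " + method)
    return new

def run(requests):
    """Process a request sequence from an empty store and return the final state."""
    state = {}
    for request in requests:
        state = apply(state, request)
    return state

def replay_changes_state(history, replayed_index, at):
    """True if re-injecting history[replayed_index] at position `at`
    makes the final state differ from the state without the replay."""
    tampered = history[:at] + [history[replayed_index]] + history[at:]
    return run(tampered) != run(history)

# Constructed sample traffic.
PUT_ONLY = [("PUT", "/lock", "open")]
POST_ONLY = [("POST", "/log", "x")]
PUT_THEN_PUT = [("PUT", "/lock", "open"), ("PUT", "/lock", "closed")]

if __name__ == "__main__":
    # Immediate duplicate of an idempotent request: state is unchanged.
    print("PUT replayed at once:  ", replay_changes_state(PUT_ONLY, 0, 1))
    # Immediate duplicate of a non-idempotent request: state changes.
    print("POST replayed at once: ", replay_changes_state(POST_ONLY, 0, 1))
    # Old PUT replayed after a newer PUT: state reverts to the old value,
    # so this case needs freshness or replay protection from the security layer.
    print("old PUT replayed later:", replay_changes_state(PUT_THEN_PUT, 0, 2))
```

Idempotence covers a request repeated back to back; a stale request re-injected after the resource has moved on is a separate case that the method's idempotence does not address.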