Last Call Review of draft-ietf-core-groupcomm-21
review-ietf-core-groupcomm-21-secdir-lc-emery-2014-08-15-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This informational draft provides guidance on CoAP (Constrained Application Protocol)
communication when using multiple recipients (i.e. multicast).

The security considerations section does exist and does disclose that CoAP group
communication (i.e. multicast transmissions) does lack a security mode and references RFC
7252 for the various attacks.  CoAP relies upon DTLS, which does not currently
have a standardized solution for multicast communication.  The draft goes on to state
the various threats and how to mitigate against said attacks.  It discusses possible
future methods to protect multicast transmissions, such as draft-keoh-dice-multicast-security.
The security considerations does also have a separate section on pervasive monitoring,
which I thought was a good idea, but not just for this draft...

General comments:

None.

Editorial comments:

Please expand the first occurrence of CoAP, unless it's in the common abbreviations list.

Shawn.
--