Last Call Review of draft-ietf-decade-problem-statement-

Request
Review of: draft-ietf-decade-problem-statement
Requested revision: No specific revision (document currently at 06)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2012-03-13
Requested: 2012-02-23
Authors: Haibin Song, Ning Zong, Y. Richard Yang, Richard Alimi
I-D last updated: 2012-03-16
Completed reviews: Genart Last Call review of -?? by Francis Dupont
                   Secdir Last Call review of -?? by Leif Johansson

Assignment
Reviewer: Leif Johansson
State: Completed
Request: Last Call review on draft-ietf-decade-problem-statement by Security Area Directorate (Assigned)
Completed: 2012-03-16

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

My main problem with the draft is that the Security Considerations
Section is weak. I would have liked a more in-depth analysis of the
enumerated threats in the context of decade. For instance, the privacy
aspects of using in-network storage for P2P networks are only covered
briefly as part of a discussion on traffic analysis.

Also in section 3.2 it is noted that E2E encryption may render P2P
caches ineffective. This speaks to a fundamental flaw (imo) in the
architecture: the standard way to protect against many of the stated
attacks also leads to inefficiency of decade. At the very least the
document needs to call this issue out clearly.

	Cheers Leif