Last Call Review of draft-ietf-decade-problem-statement-
review-ietf-decade-problem-statement-secdir-lc-johansson-2012-03-16-00
Request | Review of | draft-ietf-decade-problem-statement |
---|---|---|
Requested revision | No specific revision (document currently at 06) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2012-03-13 | |
Requested | 2012-02-23 | |
Authors | Haibin Song, Ning Zong, Y. Richard Yang, Richard Alimi | |
I-D last updated | 2012-03-16 | |
Completed reviews | Genart Last Call review of -?? by Francis Dupont; Secdir Last Call review of -?? by Leif Johansson | |
Assignment | Reviewer | Leif Johansson |
State | Completed | |
Request | Last Call review on draft-ietf-decade-problem-statement by Security Area Directorate Assigned | |
Completed | 2012-03-16 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

My main problem with the draft is that the Security Considerations Section is weak. I would have liked a more in-depth analysis of the enumerated threats in the context of decade. For instance the privacy aspects of using in-network storage for P2P networks are only covered briefly as part of a discussion on traffic analysis.

Also in section 3.2 it is noted that E2E encryption may render P2P caches ineffective. This speaks to a fundamental flaw (imo) in the architecture: the standard way to protect against many of the stated attacks also leads to inefficiency of decade. At the very least the document needs to call this issue out clearly.

Cheers Leif