Last Call Review of draft-ietf-dhc-relay-server-security-03
review-ietf-dhc-relay-server-security-03-genart-lc-dupont-2017-03-10-00

Team General Area Review Team (Gen-ART) (genart)
Title Last Call Review of draft-ietf-dhc-relay-server-security-03
Request Last Call - requested 2017-02-27
Reviewer Francis Dupont
Review result Ready
Posted at https://mailarchive.ietf.org/arch/msg/gen-art/8lPtBT2ickrt6H35yIDf9ybJTsU
Last updated 2017-03-10

Review
review-ietf-dhc-relay-server-security-03-genart-lc-dupont-2017-03-10

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-dhc-relay-server-security-03.txt
Reviewer: Francis Dupont
Review Date: 20170303
IETF LC End Date: 20170313
IESG Telechat date: unknown

Summary: Ready

Major issues: None

Minor issues: None

Nits/editorial comments: 
 - 3 pages 3-4: there is nothing about multicast which is an option
  for relay - agent exchanges. As multicast IPsec is a bit hard I
  understand this choice...

 - 3 page 4: there is a MUST for transport mode: I agree transport
  mode is better for this use but I am afraid not everybody in the
  security community will share this opinion. I propose to keep this
 and to wait for the security directorate review.

 - 4 page 4: I suggest: multiple relays -> relay chains

 - 4 page 5: I support your considerations: this use case is at least
  known plain text.

 - 4 page 5: preshared -> pre-shared
  (suggested by my spell checker and used by IKEv2 RFC)

Regards

Francis.Dupont@fdupont.fr