Last Call Review of draft-ietf-dime-erp-14
review-ietf-dime-erp-14-secdir-lc-roca-2012-11-08-00

Hello,

I have reviewed this document as part of the security directorate's

ongoing effort to review all IETF documents being processed by the

IESG.  These comments were written primarily for the benefit of the

security area directors. Document editors and WG chairs should treat

these comments just like any other last call comments.

--




The security section of this document is pretty simple as it refers to

the security section of 4 related documents and that's all. On the

opposite, each of these 4 documents includes a very detailed security

analysis.  The contrast is extremely important!

This is all the more annoying as draft-ietf-dime-erp-14 introduces new

mechanisms, and thereby new potential threats and issues (it's usually

the case).

What should I understand? Is the proposal guaranteed to be secure?

Or have all the potential weaknesses been already addressed in the

4 related documents? I can not conclude after reading this security section

and this is a problem.

So, I'd like that the authors clarify this, and if need be, I'd like the authors

explicitly mention which items in each of the 4 related documents apply.

It would be helpful IMHO.

Cheers,

   Vincent