Last Call Review of draft-ietf-dime-erp-14
review-ietf-dime-erp-14-secdir-lc-roca-2012-11-08-00
Request | Review of | draft-ietf-dime-erp |
---|---|---|
Requested revision | No specific revision (document currently at 17) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2012-09-24 | |
Requested | 2012-09-14 | |
Authors | Julien Bournelle, Lionel Morand, Sebastien Decugis, Qin Wu, Glen Zorn | |
I-D last updated | 2012-11-08 | |
Completed reviews | Genart Last Call review of -12 by Elwyn B. Davies; Genart Telechat review of -16 by Elwyn B. Davies; Secdir Last Call review of -14 by Vincent Roca; Secdir Telechat review of -16 by Vincent Roca | |
Assignment | Reviewer | Vincent Roca |
State | Completed | |
Request | Last Call review on draft-ietf-dime-erp by Security Area Directorate Assigned | |
Reviewed revision | 14 (document currently at 17) | |
Result | Has issues | |
Completed | 2012-11-08 |
Hello,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

--

The security section of this document is pretty simple as it refers to the security section of 4 related documents and that's all. On the opposite, each of these 4 documents includes a very detailed security analysis. The contrast is extremely important!

This is all the more annoying as draft-ietf-dime-erp-14 introduces new mechanisms, and thereby new potential threats and issues (it's usually the case).

What should I understand? Is the proposal guaranteed to be secure? Or have all the potential weaknesses been already addressed in the 4 related documents? I cannot conclude after reading this security section and this is a problem.

So, I'd like the authors to clarify this, and if need be, I'd like the authors to explicitly mention which items in each of the 4 related documents apply. It would be helpful IMHO.

Cheers,

Vincent