Telechat Review of draft-ietf-dime-erp-16
review-ietf-dime-erp-16-secdir-telechat-roca-2013-01-25-00
Request | Review of | draft-ietf-dime-erp |
---|---|---|
Requested revision | No specific revision (document currently at 17) | |
Type | Telechat Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2013-01-22 | |
Requested | 2013-01-10 | |
Authors | Julien Bournelle , Lionel Morand , Sebastien Decugis , Qin Wu , Glen Zorn | |
I-D last updated | 2013-01-25 | |
Completed reviews |
Genart Last Call review of -12
by Elwyn B. Davies
(diff)
Genart Telechat review of -16 by Elwyn B. Davies (diff) Secdir Last Call review of -14 by Vincent Roca (diff) Secdir Telechat review of -16 by Vincent Roca (diff) |
|
Assignment | Reviewer | Vincent Roca |
State | Completed | |
Request | Telechat review on draft-ietf-dime-erp by Security Area Directorate Assigned | |
Reviewed revision | 16 (document currently at 17) | |
Result | Has issues | |
Completed | 2013-01-25 |
review-ietf-dime-erp-16-secdir-telechat-roca-2013-01-25-00
Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. -- Since the security section has not really been updated since version 14, the comments I made at that time are still valid. Basically: The security section of this document only refers to the security section of 4 related documents. This is all the more annoying as draft-ietf-dime-erp introduces new mechanisms (and potentially new threats and issues). What should I understand? Is the proposal guaranteed to be secure, have all the potential weaknesses been already addressed in the 4 related documents? I can not conclude after reading the security section. One more point. In introduction, the authors say: " Security considerations for this key distribution are detailed in Salowey, et al. [RFC5295]." This reference is not mentioned in the Security Section! Cheers, Vincent