
Last Call Review of draft-ietf-dots-requirements-16
review-ietf-dots-requirements-16-secdir-lc-weis-2018-11-19-00

Request Review of draft-ietf-dots-requirements
Requested revision No specific revision (document currently at 22)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-11-09
Requested 2018-10-26
Authors Andrew Mortensen, Tirumaleswar Reddy.K, Robert Moskowitz
I-D last updated 2018-11-19
Completed reviews Secdir Last Call review of -16 by Brian Weis (diff)
Opsdir Last Call review of -16 by Scott O. Bradner (diff)
Tsvart Last Call review of -16 by Dr. Joseph D. Touch (diff)
Genart Last Call review of -16 by Robert Sparks (diff)
Genart Telechat review of -18 by Robert Sparks (diff)
Assignment Reviewer Brian Weis
State Completed
Request Last Call review on draft-ietf-dots-requirements by Security Area Directorate Assigned
Reviewed revision 16 (document currently at 22)
Result Ready
Completed 2018-11-19
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This document specifies requirements for DOTS servers, clients, and the
sessions set up between them. Many of the requirements are addressing security
within the architecture. When reading the requirements I became concerned with
impersonation attacks, and so I was glad to find that much of the Security
Considerations section addresses the possibilities of those attacks. The only
suggestion I have is to highlight the sentence suggesting how to determine
these attacks ("To detect misuse, ....") so that it is more prominent, for
example by creating a separate paragraph.

I believe the document is Ready to publish.