Last Call Review of draft-ietf-dots-requirements-16
review-ietf-dots-requirements-16-secdir-lc-weis-2018-11-19-00
| Request | Review of | draft-ietf-dots-requirements |
|---|---|---|
| Requested revision | No specific revision (document currently at 22) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2018-11-09 | |
| Requested | 2018-10-26 | |
| Authors | Andrew Mortensen , Tirumaleswar Reddy.K , Robert Moskowitz | |
| Draft last updated | 2018-11-19 | |
| Completed reviews |
Secdir Last Call review of -16
by
Brian Weis
(diff)
Opsdir Last Call review of -16 by Scott O. Bradner (diff) Tsvart Last Call review of -16 by Dr. Joseph D. Touch (diff) Genart Last Call review of -16 by Robert Sparks (diff) Genart Telechat review of -18 by Robert Sparks (diff) |
|
| Assignment | Reviewer | Brian Weis |
| State | Completed | |
| Review |
review-ietf-dots-requirements-16-secdir-lc-weis-2018-11-19
|
|
| Reviewed revision | 16 (document currently at 22) | |
| Result | Ready | |
| Completed | 2018-11-19 |
review-ietf-dots-requirements-16-secdir-lc-weis-2018-11-19-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.
This document specifies requirements for DOTS servers, clients, and the
sessions setup between them. Many of the requirements are addressing security
within the architecture. When reading the requirements I became concerned with
impersonation attacks, and I so I was glad to find that much of the Security
Considerations section addresses the possibilities of those attacks. The only
suggestion I have is to highlight the sentence suggesting how to determine
these attacks ("To detect misuse, ....") so that it is more prominent, for
example by creating a separate paragraph.
I believe the document is Ready to publish.