Last Call Review of draft-ietf-dots-requirements-16
review-ietf-dots-requirements-16-secdir-lc-weis-2018-11-19-00
Request | Review of | draft-ietf-dots-requirements |
---|---|---|
Requested revision | No specific revision (document currently at 22) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2018-11-09 | |
Requested | 2018-10-26 | |
Authors | Andrew Mortensen , Tirumaleswar Reddy.K , Robert Moskowitz | |
I-D last updated | 2018-11-19 | |
Completed reviews |
Secdir Last Call review of -16
by Brian Weis
(diff)
Opsdir Last Call review of -16 by Scott O. Bradner (diff) Tsvart Last Call review of -16 by Dr. Joseph D. Touch (diff) Genart Last Call review of -16 by Robert Sparks (diff) Genart Telechat review of -18 by Robert Sparks (diff) |
|
Assignment | Reviewer | Brian Weis |
State | Completed | |
Request | Last Call review on draft-ietf-dots-requirements by Security Area Directorate Assigned | |
Reviewed revision | 16 (document currently at 22) | |
Result | Ready | |
Completed | 2018-11-19 |
review-ietf-dots-requirements-16-secdir-lc-weis-2018-11-19-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document specifies requirements for DOTS servers, clients, and the sessions setup between them. Many of the requirements are addressing security within the architecture. When reading the requirements I became concerned with impersonation attacks, and I so I was glad to find that much of the Security Considerations section addresses the possibilities of those attacks. The only suggestion I have is to highlight the sentence suggesting how to determine these attacks ("To detect misuse, ....") so that it is more prominent, for example by creating a separate paragraph. I believe the document is Ready to publish.