Last Call Review of draft-ietf-ecrit-car-crash-20
review-ietf-ecrit-car-crash-20-secdir-lc-xia-2017-01-05-00

Request Review of draft-ietf-ecrit-car-crash
Requested rev. no specific revision (document currently at 23)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-01-06
Requested 2016-12-16
Other Reviews Genart Last Call review of -20 by Dan Romascanu (diff)
Opsdir Last Call review of -23 by Rick Casarez
Genart Telechat review of -21 by Dan Romascanu (diff)
Review State Completed
Reviewer Liang Xia
Review review-ietf-ecrit-car-crash-20-secdir-lc-xia-2017-01-05
Posted at https://mailarchive.ietf.org/arch/msg/secdir/pkXwWFoWPOy_bYSwxoJ2_idIHeE
Reviewed rev. 20 (document currently at 23)
Review result Ready
Last updated 2017-01-05

Review
review-ietf-ecrit-car-crash-20-secdir-lc-xia-2017-01-05

Hello,
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes how to use IP-based emergency services mechanisms to support the next generation of emergency calls placed by vehicles and conveying vehicle, sensor, and location data related to the crash or incident. Comparing to the ECRIT basic drafts [draft-ietf-ecrit-ecall] [RFC7852], this extension draft mostly reuses the same technical aspects of the basic drafts, with the introduction of some new things: a new set of vehicle (crash) data -- the Vehicle Emergency Data Set (VEDS), new attribute values to the metadata/control object, a new SIP INFO package of the VEDS MIME type, etc.

Since most technical aspects of this draft are unchanged from the basic drafts, all the security considerations in them apply for this draft well. The security consideration in [RFC5069] applies for this draft too. And these basic drafts already have very comprehensive and detailed considerations about privacy and security threats. Regarding the new introduced data and action values, this draft discusses the general security mechanisms to protect their CIA (e.g., certificate, encryption, ...) too. In Summary, I have no more security issues.

Summary: this document appears in reasonably good shape, and is written well. I think it is ready.

Thanks!
B.R.
Frank