Skip to main content

Last Call Review of draft-ietf-ecrit-car-crash-20
review-ietf-ecrit-car-crash-20-secdir-lc-xia-2017-01-05-00

Request Review of draft-ietf-ecrit-car-crash
Requested revision No specific revision (document currently at 23)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-01-06
Requested 2016-12-16
Authors Randall Gellens , Brian Rosen , Hannes Tschofenig
I-D last updated 2017-01-05
Completed reviews Genart Last Call review of -20 by Dan Romascanu (diff)
Secdir Last Call review of -20 by Liang Xia (diff)
Opsdir Last Call review of -23 by Rick Casarez
Genart Telechat review of -21 by Dan Romascanu (diff)
Assignment Reviewer Liang Xia
State Completed
Request Last Call review on draft-ietf-ecrit-car-crash by Security Area Directorate Assigned
Reviewed revision 20 (document currently at 23)
Result Ready
Completed 2017-01-05
review-ietf-ecrit-car-crash-20-secdir-lc-xia-2017-01-05-00
Hello,
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

This document describes how to use IP-based emergency services mechanisms to
support the next generation of emergency calls placed by vehicles and conveying
vehicle, sensor, and location data related to the crash or incident. Comparing
to the ECRIT basic drafts [draft-ietf-ecrit-ecall] [RFC7852], this extension
draft mostly reuses the same technical aspects of the basic drafts, with the
introduction of some new things: a new set of vehicle (crash) data -- the
Vehicle Emergency Data Set (VEDS), new attribute values to the metadata/control
object, a new SIP INFO package of the VEDS MIME type, etc.

Since most technical aspects of this draft are unchanged from the basic drafts,
all the security considerations in them apply for this draft well. The security
consideration in [RFC5069] applies for this draft too. And these basic drafts
already have very comprehensive and detailed considerations about privacy and
security threats. Regarding the new introduced data and action values, this
draft discusses the general security mechanisms to protect their CIA (e.g.,
certificate, encryption, ...) too. In Summary, I have no more security issues.

Summary: this document appears in reasonably good shape, and is written well. I
think it is ready.

Thanks!
B.R.
Frank