Last Call Review of draft-ietf-ecrit-unauthenticated-access-07
review-ietf-ecrit-unauthenticated-access-07-secdir-lc-tsou-2013-10-03-00

Dear all,

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document
 editors and WG chairs should treat these comments just like any other last
 call comments.



Draft-ietf-ecrit-unauthenticated-access-07 provides extensions to the emergency
services architecture described in other documents to allow emergency services
calling to proceed even when the caller is unauthenticated and unauthorized.
 The draft is particularly relevant to mobile devices, where such a situation
 is most likely to arise. It assumes separate entities provide network access
 and process calls at the application level, and based on that, deals with
 three cases, not necessarily mutually exclusive:

   -- no access authentication;

   -- no application service provider reachable;

   -- subscribed application service provider reachable but ordinary

      service denied because of zero credit balance or other reasons.

Full understanding of this document required review of RFC 5069 (security
requirements specifically for emergency call marking and mapping), RFC 6443,
the emergency calling framework, and RFC 6881, a BCP specifying requirements
for various
 components of the emergency calling system beginning with the subscriber
 device.



The draft states that it is forward-looking, and is input for other SDOs. One
example of this is the reliance on DHCP provisioning, which is at this point
little-implemented in cellular devices.



General remark: the document is very heavy on abbreviations, which makes
serious demands on the novice reader at some points. The terminology and
abbreviations are introduced quite properly at the beginning of the document,
but the authors
 might still ease the reader's task by spelling out at least the less-used
 abbreviations either whenever used (if only two or three times) or perhaps
 once per section.



General assessment: The document is basically ready, but lacks a statement of
the specific points in RFCs 6443 and 6881 that need to be changed due to lack
of authentication or authorization. As a result, the NASP and NAA sections are
unmotivated.



Editorial: Section 7 in a few places does not quite seem to say what I think it
means, hence the following suggestions:



Suggestion, sec. 7, fourth para, first sentence:

Currently: "We only illustrate a possible model."

Suggested: "We illustrate just one possible model for obtaining the destination
addresses to which emergency callers should be restricted in the NAA case."



In the next sentence, missing some words: "... as well

    as the address of the LoST server itself."

       ^^^^^^^^^^^^^^



Suggestion, sec. 7, fifth para, first sentence:

Currently: "For the ZBP case the additional aspect of fraud has to be
considered."

Suggested: "The additional aspect of fraud also has to be considered for the
ZBP case."





Typos:



Typo, sec. 5, first bullet: devices -> device



Typo, sec. 7, second para, last sentence: lead -> led



Typo, sec. 7, third para, fourth line: fraudulent -> fraudulently



Thank you,

Tina