
Early Review of draft-ietf-iotops-security-protocol-comparison-02
review-ietf-iotops-security-protocol-comparison-02-iotdir-early-housley-2023-07-06-00

Request Review of draft-ietf-iotops-security-protocol-comparison-02
Requested revision 02 (document currently at 06)
Type Early Review
Team Internet of Things Directorate (iotdir)
Deadline 2023-07-24
Requested 2023-07-04
Requested by Henk Birkholz
Authors John Preuß Mattsson, Francesca Palombini, Mališa Vučinić
I-D last updated 2023-07-06
Completed reviews Iotdir Early review of -02 by Russ Housley (diff)
Comments
This request is intended to get a first feedback on how intent, scope, and venue match - maybe even to give a nudge in the right direction or some reinforcement that the direction is okay.
Assignment Reviewer Russ Housley
State Completed
Request Early review on draft-ietf-iotops-security-protocol-comparison by Internet of Things Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/iot-directorate/kU6XyVdnax_SvmdGnwBU91knlDg
Reviewed revision 02 (document currently at 06)
Result Not ready
Completed 2023-07-06
I reviewed this document as part of the IoT Directorate's effort to review
IoT-related IETF documents being processed by the IESG.  These comments
were written primarily for the benefit of the Internet Area Directors.
Document authors, document editors, and WG chairs should treat these
comments just like any other IETF Last Call comments.

Document: draft-ietf-anima-constrained-join-proxy-05
Reviewer: Russ Housley
Review Date: 2023-07-07
Review Due Date: 2023-07-24


A review from the IoT Directorate was requested on 2023-07-05.


Summary: Not Ready


Major Concerns:

Global: The document struggles with terminology.  Each of these security
protocols has its own terms, which makes comparison more difficult.
Figure 1 shows the size of some exchanges with three flights, yet OSCORE
and Group OSCORE do not really fit this model.  This leads me to the
conclusion that the document needs to start with a discussion of the
comparison methodology.

Section 5: Yes, this document is purely informational.  Other purely
informational RFCs have useful security considerations.  I agree that
there is little to say here, but the Security Considerations of each
security protocol could be referenced.


Minor Concerns:

Section 2: I find the first paragraph hard to put in context.  First, a
sentence of introduction to this topic would be helpful.  Why are these
protocols being discussed at all?  I ask because the previous section
says that "overheads are independent of the underlying transport". 
Second, if this discussion is needed at all, it might help to describe
the overhead that is associated with the various underlying protocols,
and then say which security protocols are used with the underlying.

Section 2.1: I find the section hard to put in context.  A sentence of
introduction would be helpful.  Why is this one case explained in detail
and the others not?

Section 3: References for the algorithms would be helpful.


Nits:

Section 3.1: It says "key/certificate identifiers included" (two places).
I think that "key identifiers" and "certificate identifiers" need a few
words of explanation.