Early Review of draft-ietf-iotops-security-protocol-comparison-02
|Requested revision||02 (document currently at 03)|
|Team||Internet of Things Directorate (iotdir)|
|Requested by||Henk Birkholz|
|Authors||John Preuß Mattsson , Francesca Palombini , Mališa Vučinić|
|I-D last updated||2023-07-06|
Iotdir Early review of -02
by Russ Housley
This request is intended to get a first feedback on how intent, scope, and venue match - maybe even to give a nudge in the right direction or some reinforcement that the direction is okay.
|Request||Early review on draft-ietf-iotops-security-protocol-comparison by Internet of Things Directorate Assigned|
|Reviewed revision||02 (document currently at 03)|
I reviewed this document as part of the IoT Directorate's effort to IoT-related IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Internet Area Directors. Document authors, document editors, and WG chairs should treat these comments just like any other IETF Last Call comments. Document: draft-ietf-anima-constrained-join-proxy-05 Reviewer: Russ Housley Review Date: 2023-07-07 Review Due Date: 2023-07-24 A review from the IoT Directorate was requested on 2023-07-05. Summary: Not Ready Major Concerns: Global: The document struggles with terminology. Each of these security protocols have their own terms, which make comparison more difficult. Figure 1 shows the size of some exchanges with three flights, yet OSCORE and Group OSCORE do not really fit this model. This leads me to the conclusion that the document needs to start with a discussion of the comparison methodology. Section 5: Yes, this document is purely informational. Other purely informational RFCs have useful security considerations. I agree that there is little to say here, but the Security Considerations of each security protocol could be referenced. Minor Concerns: Section 2: I find the first paragraph hard to put in context. First, a sentence of introduction to this topic would he helpful. Why are these protocols being discussed at all? I ask because the previous section says that "overheads are independent of the underlying transport". Second, i this discussion is needed at all, it might help to describe the overhead that is associated with the various underlying protocols, and then say which security protocols are used with the underlying. Section 2.1: I find the section hard to put in context. A sentence of introduction would he helpful. Why is this one case explained in detail and the others not? Section 3: References for the algorithms would be helpful. Nits: Section 3.1: It says "key/certificate identifiers included" (two places). I think that "key identifiers" and "certificate identifiers" need a few words of explanation.