Telechat Review of draft-ietf-ipsecme-ad-vpn-problem-07
review-ietf-ipsecme-ad-vpn-problem-07-secdir-telechat-wallace-2013-06-27-00
| Request | Review of | draft-ietf-ipsecme-ad-vpn-problem |
|---|---|---|
| Requested revision | No specific revision (document currently at 09) | |
| Type | Telechat Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2013-06-21 | |
| Requested | 2013-06-07 | |
| Authors | Vishwas Manral , Steve Hanna | |
| I-D last updated | 2013-06-27 | |
| Completed reviews |
Genart Last Call review of -07
by Suresh Krishnan
(diff)
Secdir Telechat review of -07 by Carl Wallace (diff) |
|
| Assignment | Reviewer | Carl Wallace |
| State | Completed | |
| Request | Telechat review on draft-ietf-ipsecme-ad-vpn-problem by Security Area Directorate Assigned | |
| Reviewed revision | 07 (document currently at 09) | |
| Result | Has nits | |
| Completed | 2013-06-27 |
review-ietf-ipsecme-ad-vpn-problem-07-secdir-telechat-wallace-2013-06-27-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes the problem of enabling a large number of systems to communicate directly using IPSec and defines requirements for prospective solutions. As a problem statement, it does not introduce any new security concerns. I have no new use cases, requirements or security concerns to contribute. I had one minor nit. The use cases specifically call out a need for an authentication mechanism. The requirements do not (other than implicitly through requirement 5).