Telechat Review of draft-ietf-ipsecme-rfc7321bis-05

Request Review of draft-ietf-ipsecme-rfc7321bis
Requested rev. no specific revision (document currently at 06)
Type Telechat Review
Team Ops Directorate (opsdir)
Deadline 2017-03-14
Requested 2017-02-16
Authors Paul Wouters, Daniel Migault, John Preuß Mattsson, Yoav Nir, Tero Kivinen
Draft last updated 2017-04-13
Completed reviews Secdir Telechat review of -05 by Christian Huitema (diff)
Genart Telechat review of -05 by Meral Shirazipour (diff)
Opsdir Telechat review of -05 by Fred Baker (diff)
Assignment Reviewer Fred Baker 
State Completed
Review review-ietf-ipsecme-rfc7321bis-05-opsdir-telechat-baker-2017-04-13
Reviewed rev. 05 (document currently at 06)
Review result Has Issues
Review completed: 2017-04-13


I am reviewing this for the Operations Directorate. The intention is to provide input to the Area Director in his balloting. I consider the document to be mostly ready, but has issues that need to be resolved before being passed.

My first concern is a statement in the abstract that "This document obsoletes RFC 7321 on the cryptographic recommendations only," but the header says that it obsoletes 7321. Later, in the second paragraph of 1.2, it states that "This document only provides recommendations for the mandatory-to-implement algorithms and algorithms too weak that are recommended not to be implemented. ", but a diff against 7321 would suggest it is largely rewritten. Does it obsolete the entire RFC, or only those portions that relate to cryptography (leaving the rest intact)?  Is an implementor expected to read both documents, or just the resulting one? I'm not sure what sections of 7321 are intended to remain normative and which have been obsoleted, since this document states both directions. I would recommend a text change clarifying the point.

Second, 7321 states that it contains text that is older than a certain date and the relevant permissions may not have been obtained. The draft lacks that statement. The IESG should determine the status: does the document contain old text, and if so, has the relevant permission been obtained?

From an operational perspective, what this document mostly does is change recommendations regarding cypher suites and make comments regarding IoT. I'm not sure that it changes the way an implementation would be used or managed operationally, apart from the crypto algorithms in question. Hence, I would guess that the update has no direct operational impact beyond the usual issues of deploying new or updated products in one's network.