Telechat Review of draft-ietf-ipsecme-rfc7321bis-05
review-ietf-ipsecme-rfc7321bis-05-opsdir-telechat-baker-2017-04-13-00

Request: Review of draft-ietf-ipsecme-rfc7321bis
Requested revision: No specific revision (document currently at 06)
Type: Telechat Review
Team: Ops Directorate (opsdir)
Deadline: 2017-03-14
Requested: 2017-02-16
Authors: Paul Wouters, Daniel Migault, John Preuß Mattsson, Yoav Nir, Tero Kivinen
Draft last updated: 2017-04-13
Completed reviews:
  Secdir Telechat review of -05 by Christian Huitema
  Genart Telechat review of -05 by Meral Shirazipour
  Opsdir Telechat review of -05 by Fred Baker
Assignment: Reviewer Fred Baker
State: Completed
Review: review-ietf-ipsecme-rfc7321bis-05-opsdir-telechat-baker-2017-04-13
Reviewed revision: 05 (document currently at 06)
Result: Has Issues
Completed: 2017-04-13
I am reviewing this for the Operations Directorate. The intention is to provide
input to the Area Director in his balloting. I consider the document to be
mostly ready, but it has issues that need to be resolved before being passed.

My first concern is a statement in the abstract that "This document obsoletes
RFC 7321 on the cryptographic recommendations only," but the header says that
it obsoletes 7321. Later, in the second paragraph of 1.2, it states that "This
document only provides recommendations for the mandatory-to-implement
algorithms and algorithms too weak that are recommended not to be implemented,"
but a diff against 7321 would suggest it is largely rewritten. Does it
obsolete the entire RFC, or only those portions that relate to cryptography
(leaving the rest intact)? Is an implementor expected to read both documents,
or just the resulting one? I'm not sure which sections of 7321 are intended to
remain normative and which have been obsoleted, since this document states both
directions. I would recommend a text change clarifying the point.

Second, 7321 states that it contains text that is older than a certain date and
the relevant permissions may not have been obtained. The draft lacks that
statement. The IESG should determine the status: does the document contain old
text, and if so, has the relevant permission been obtained?

From an operational perspective, what this document mostly does is change
recommendations regarding cipher suites and make comments regarding IoT. I'm
not sure that it changes the way an implementation would be used or managed
operationally, apart from the crypto algorithms in question. Hence, I would
guess that the update has no direct operational impact beyond the usual issues
of deploying new or updated products in one's network.