Early Review of draft-ietf-lwig-crypto-sensors-04
review-ietf-lwig-crypto-sensors-04-iotdir-early-chakrabarti-2017-11-06-00
| Request | Review of | draft-ietf-lwig-crypto-sensors |
|---|---|---|
| Requested revision | No specific revision (document currently at 06) | |
| Type | Early Review | |
| Team | Internet of Things Directorate (iotdir) | |
| Deadline | 2017-10-18 | |
| Requested | 2017-09-29 | |
| Requested by | Suresh Krishnan | |
| Authors | Mohit Sethi , Jari Arkko , Ari Keränen , Heidi-Maria Back | |
| I-D last updated | 2017-11-06 | |
| Completed reviews |
Secdir Early review of -04
by Christian Huitema
(diff)
Intdir Early review of -04 by Tim Chown (diff) Iotdir Early review of -04 by Samita Chakrabarti (diff) Opsdir Telechat review of -05 by Éric Vyncke (diff) Rtgdir Telechat review of -05 by Emmanuel Baccelli (diff) Genart Last Call review of -05 by Dan Romascanu (diff) Secdir Last Call review of -05 by Christian Huitema (diff) |
|
| Assignment | Reviewer | Samita Chakrabarti |
| State | Completed | |
| Request | Early review on draft-ietf-lwig-crypto-sensors by Internet of Things Directorate Assigned | |
| Reviewed revision | 04 (document currently at 06) | |
| Result | Ready w/nits | |
| Completed | 2017-11-06 |
review-ietf-lwig-crypto-sensors-04-iotdir-early-chakrabarti-2017-11-06-00
I have reviewed draft-ietf-lwig-crypto-sensors-04 document for IOT-Directorate review. The following are my comments: General : The document is easy reading and informative about current and previous work. It is ready to publish with minor changes based on review comments. Other comments: Introduction: It might be useful to discuss/clarify that multi-level security may be important for IOT devices all the way from 'bootstrapping and management' to application security. That perhaps can include obtaining IP-addresses securely, mutual authentication between server and devices , etc. ( see https://tools.ietf.org/html/draft-ietf-6lo-ap-nd-03) in those cases where each device has an IP address. Section 2: Regarding problems of provisioning and management of networks for the IOT devices there may be additional issues – 1) different types of IOT devices and the lack of standards way to provision them as they might be talking different RF technologies and running L2 protocols only. 2) The iot nodes may be moving individually or collectively and change networks; identifying the movement of the iot nodes or identifying a particular node at any point of time uniquely requires an intrinsic identification which might be useful to set during bootstrapping of the node Regarding related work – does it consider IETF IOT security work only? There have been some work and thought process going on regarding blockchain IOT security in the industry. Perhaps that is out-of-scope of this document, but I wanted to mention for authors’ considerations. Section 5: Authors of the document may also want to browse a SRAM PUF based technology which provides unique ID based authentication mechanism. https://www.intrinsic-id.com/intrinsic-id-joins-wi-sun-alliance/ Section 9: Does the example simulate any particular deployment model or research experiments ? It might be good to clarify that. Section 10 and 11: Looks like section 11 is closely related to section 10. Should they be combined together ? Else some more text is needed in section 10 on design trade-offs. Section 13: Does this document recommend one layer of security to IOT devices ? There are different types of IOT devices – some of them are very tiny and some are more capable. Some definitely benefit for multi-level security than single layer of security. L2 security is generally recommended for for all IOT networks. Does data object protection only protect the application data (payload) or more ? Thanks for the initiative in documenting the valuable work in IOT security implementation and crypto comparison. -Samita