Last Call Review of draft-ietf-lwig-crypto-sensors-05
review-ietf-lwig-crypto-sensors-05-secdir-lc-huitema-2018-02-19-00
Request | Review of | draft-ietf-lwig-crypto-sensors |
---|---|---|
Requested revision | No specific revision (document currently at 06) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2018-02-19 | |
Requested | 2018-02-05 | |
Authors | Mohit Sethi , Jari Arkko , Ari Keränen , Heidi-Maria Back | |
I-D last updated | 2018-02-19 | |
Completed reviews |
Secdir Early review of -04
by Christian Huitema
(diff)
Intdir Early review of -04 by Tim Chown (diff) Iotdir Early review of -04 by Samita Chakrabarti (diff) Opsdir Telechat review of -05 by Éric Vyncke (diff) Rtgdir Telechat review of -05 by Emmanuel Baccelli (diff) Genart Last Call review of -05 by Dan Romascanu (diff) Secdir Last Call review of -05 by Christian Huitema (diff) |
|
Assignment | Reviewer | Christian Huitema |
State | Completed | |
Request | Last Call review on draft-ietf-lwig-crypto-sensors by Security Area Directorate Assigned | |
Reviewed revision | 05 (document currently at 06) | |
Result | Ready | |
Completed | 2018-02-19 |
review-ietf-lwig-crypto-sensors-05-secdir-lc-huitema-2018-02-19-00
I already reviewed the previous version of this draft. I like its practical approach of implementations and the cost of various algorithms, and I think that the data in the draft will be useful when discussing security approaches for small devices. I am happy to see the feedback on privacy issues was taken into account. The document now states clearly that "long-term static identities makes it easy to track the devices (and their owners) when they move... (or) across ownership changes." I have just one small nit. I like the recommendation "to generate new identities at appropriate times during their lifecycle. For example, after a factory reset or an ownership handover." I wish that it would be somehow listed as one of the bullets in section 9, "Summary".