Last Call Review of draft-ietf-lwig-crypto-sensors-05

Request Review of draft-ietf-lwig-crypto-sensors
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-02-19
Requested 2018-02-05
Authors Mohit Sethi, Jari Arkko, Ari Keränen, Heidi-Maria Back
Draft last updated 2018-02-19
Completed reviews Secdir Early review of -04 by Christian Huitema (diff)
Intdir Early review of -04 by Tim Chown (diff)
Iotdir Early review of -04 by Samita Chakrabarti (diff)
Opsdir Telechat review of -05 by Éric Vyncke (diff)
Rtgdir Telechat review of -05 by Emmanuel Baccelli (diff)
Genart Last Call review of -05 by Dan Romascanu (diff)
Secdir Last Call review of -05 by Christian Huitema (diff)
Assignment Reviewer Christian Huitema
State Completed
Review review-ietf-lwig-crypto-sensors-05-secdir-lc-huitema-2018-02-19
Reviewed rev. 05 (document currently at 06)
Review result Ready
Review completed: 2018-02-19


I already reviewed the previous version of this draft. I like its practical approach of implementations and the cost of various algorithms, and I think that the data in the draft will be useful when discussing security approaches for small devices. I am happy to see the feedback on privacy issues was taken into account. The document now states clearly that "long-term static identities makes it easy to track the devices (and their owners) when they move... (or) across ownership changes."

I have just one small nit. I like the recommendation "to generate new identities at appropriate times during their lifecycle.  For example, after a factory reset or an ownership handover." I wish that it would be somehow listed as one of the bullets in section 9, "Summary".