Last Call Review of draft-ietf-msec-ipsec-group-counter-modes-
review-ietf-msec-ipsec-group-counter-modes-secdir-lc-hartman-2010-07-15-00
Request | Review of | draft-ietf-msec-ipsec-group-counter-modes |
---|---|---|
Requested revision | No specific revision (document currently at 06) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2010-07-23 | |
Requested | 2010-07-11 | |
Authors | David McGrew , Brian Weis | |
I-D last updated | 2010-07-15 | |
Completed reviews |
Secdir Last Call review of -??
by Sam Hartman
|
|
Assignment | Reviewer | Sam Hartman |
State | Completed | |
Request | Last Call review on draft-ietf-msec-ipsec-group-counter-modes by Security Area Directorate Assigned | |
Completed | 2010-07-15 |
review-ietf-msec-ipsec-group-counter-modes-secdir-lc-hartman-2010-07-15-00
This is a secdir review of the above draft. The text looks fine. However, I'm concerned that this specification does not provide sufficient detail for interoperable implementation. It makes it clear that a GKMS needs to allocate SIDs but does not cite any mechanism for a GKMS to do so. I think you need to either add a normative reference to a hopefully already existing description of how to distribute this parameter, or recast this document as an informational document describing a general method but not implementing a protocol.