Last Call Review of draft-ietf-rats-eat-27
review-ietf-rats-eat-27-opsdir-lc-dunbar-2024-06-10-00
| Request | Review of | draft-ietf-rats-eat |
|---|---|---|
| Requested revision | No specific revision (document currently at 31) | |
| Type | Last Call Review | |
| Team | Ops Directorate (opsdir) | |
| Deadline | 2024-06-11 | |
| Requested | 2024-05-28 | |
| Authors | Laurence Lundblade , Giridhar Mandyam , Jeremy O'Donoghue , Carl Wallace | |
| I-D last updated | 2024-06-10 | |
| Completed reviews |
Opsdir Last Call review of -21
by Linda Dunbar
(diff)
Opsdir Last Call review of -27 by Linda Dunbar (diff) Genart Last Call review of -21 by Ines Robles (diff) Intdir Telechat review of -21 by Haoyu Song (diff) Secdir Last Call review of -13 by Hilarie Orman (diff) Iotdir Last Call review of -13 by Eliot Lear (diff) |
|
| Assignment | Reviewer | Linda Dunbar |
| State | Completed | |
| Request | Last Call review on draft-ietf-rats-eat by Ops Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/ops-dir/Vo0O_p_sGSe3t0OS4x87sVLNEVQ | |
| Reviewed revision | 27 (document currently at 31) | |
| Result | Has issues | |
| Completed | 2024-06-10 |
review-ietf-rats-eat-27-opsdir-lc-dunbar-2024-06-10-00
I have reviewed this document as part of the Ops area directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Ops area directors. Document editors and WG chairs should treat these comments just like any other last-call comments. The document includes a comprehensive list of claims (e.g., hardware model, version, software name/version, location, uptime, boot count, etc.). This extensive scope could lead to implementation challenges, especially for constrained devices with limited resources. Defining and managing such a wide range of claims across various device types and manufacturers may be overly complex. Is it possible to prioritize and reduce the number of mandatory claims to those most critical for attestation? Optional claims can be defined for more specific use cases to reduce the burden on constrained devices. It would be useful if the document provides detailed guidelines and best practices for implementing privacy protections, including minimizing the exposure of sensitive claims and ensuring that privacy considerations are integrated into the design from the outset. Best regards, Linda Dunbar