Skip to main content

Last Call Review of draft-ietf-rats-tpm-based-network-device-attest-10

Request Review of draft-ietf-rats-tpm-based-network-device-attest
Requested revision No specific revision (document currently at 14)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2022-01-19
Requested 2022-01-05
Authors Guy Fedorkow , Eric Voit , Jessica Fitzgerald-McKay
I-D last updated 2022-01-16
Completed reviews Secdir Last Call review of -10 by Shawn M Emery (diff)
Genart Last Call review of -10 by Linda Dunbar (diff)
Assignment Reviewer Shawn M Emery
State Completed
Request Last Call review on draft-ietf-rats-tpm-based-network-device-attest by Security Area Directorate Assigned
Posted at
Reviewed revision 10 (document currently at 14)
Result Has nits
Completed 2022-01-16
Reviewer: Shawn Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

This draft specifies a system for secure network device attestation between a
verifier and attester (i.e. network device - hardware and software).  This
protocol utilizes TPMs for signing attestation data and Device IDentity (DevID)
from the device.

A privacy considerations section does exist and describes which information
would be considered sensitive, for example, log records that could disclose
software versions which could be used by an attacker for any known
vulnerability with said version(s).

The security considerations section exists and describes the various possible
ways in attacking the system.  I believe this section comprehensively accounts
for the multitude of attacks and covers the reasonable limitations of defending
against said attacks (e.g. device compromise, swapping in TPMs, etc.).

General comments:

Thank you for the privacy considerations section.

Editorial comments:

s/of an network/of a network/
s/likely be/likely to be/
s/as specified in [RFC8572])/(as specified in [RFC8572])/
s/mechanism couple with/mechanism coupled with/
s/[I-D.ietf-sacm-coswid], [RIM]))/([I-D.ietf-sacm-coswid], [RIM])/