Skip to main content

Last Call Review of draft-ietf-rift-applicability-14
review-ietf-rift-applicability-14-secdir-lc-ladd-2024-04-18-00

Request Review of draft-ietf-rift-applicability
Requested revision No specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-05-01
Requested 2024-04-17
Requested by Jim Guichard
Authors Yuehua Wei , Zheng Zhang , Dmitry Afanasiev , Pascal Thubert , Tony Przygienda
I-D last updated 2024-04-18
Completed reviews Rtgdir Last Call review of -14 by Sasha Vainshtein (diff)
Secdir Last Call review of -14 by Watson Ladd (diff)
Secdir Last Call review of -03 by Watson Ladd (diff)
Genart Last Call review of -03 by Linda Dunbar (diff)
Intdir Last Call review of -06 by Ralf Weber (diff)
Iotdir Last Call review of -03 by Samita Chakrabarti (diff)
Rtgdir Last Call review of -03 by Mike McBride (diff)
Tsvart Last Call review of -03 by Tommy Pauly (diff)
Assignment Reviewer Watson Ladd
State Completed
Request Last Call review on draft-ietf-rift-applicability by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/PZQVczG0VrGMQG99oWDAAidQclg
Reviewed revision 14 (document currently at 15)
Result Not ready
Completed 2024-04-18
review-ietf-rift-applicability-14-secdir-lc-ladd-2024-04-18-00
I have completed the secdir review of draft-ietf-rift-applicability, part of
the secdir effort to review all documents progressing to this stage in the
IETF. These comments should be treated like any other in the the last call
process. The result of the review is not ready.

I used to think I knew broadly what networking was, then I read this document.
There's a fair number of terms that are new to me, and some more references
might help develop understanding. But that's a minor editorial point.

More concerning is the complete absence of discussion of security, choosing to
kick that to RIFT. That's despite a section about key management in the
document, as well as discussion of operational scenarios that have implications
for the choice of key management technology used. I'd like to see more here:
it's an opportunity to spell out security considerations applicable to the
scenarios with more specificity than in the RIFT drafts.

Sincerely,
Watson Ladd