Last Call Review of draft-ietf-rmt-pi-norm-revised-
review-ietf-rmt-pi-norm-revised-secdir-lc-harrington-2009-04-16-00
| Request | Review of | draft-ietf-rmt-pi-norm-revised |
|---|---|---|
| Requested revision | No specific revision (document currently at 14) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2009-03-24 | |
| Requested | 2009-03-13 | |
| Authors | Joseph P. Macker , Carsten Bormann , Mark J. Handley , Brian Adamson | |
| I-D last updated | 2009-04-16 | |
| Completed reviews |
Secdir Last Call review of -??
by David Harrington
Secdir Last Call review of -?? by David Harrington |
|
| Assignment | Reviewer | David Harrington |
| State | Completed | |
| Request | Last Call review on draft-ietf-rmt-pi-norm-revised by Security Area Directorate Assigned | |
| Completed | 2009-04-16 |
review-ietf-rmt-pi-norm-revised-secdir-lc-harrington-2009-04-16-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The document specifies a protocol (or an update to a protocol) that provides end-to-end reliable transport of bulk data objects or streams over multicast routing and forwarding services. It also provides a congestion control scheme. It is designed to permit different upper layer services to utilize its services in different ways. I got to this review late, so I went straight to the security considerations first. I found the security requirements wishy-washy. Per BCP61, MUSTs are for implementers, SHOULDs are for deployers. There are few MUSTs or REQUIREDs to guide implementators what MUST be present for interoperable security capabilities in an compliant implementation. There are lots of SHOULDs, RECOMMENDEDs, MAY, can be, is possible, is expected, optionally, etc. in the "Baseline Secure NORM Operation". On the other hand, there are lots of SHALLs and REQUIREDs for how deployers MUST configure their security. I am not sure how interoperable the security for this "standard" will be because there are so many allowable options for how one does security. This protocol is not a security protocol. It is a protocol that utilizes lower layer security services, so maybe this "wishy-washy" approach is the correct approach to serve the real-world needs of NORM implementers and deployers. But I would feel more comfortable with something a bit more solid in terms of what MUST be present for security capabilities in compliant implementations. It might help a lot to separate the security considerations into what MUST be implemented for interoperability, and how deployments SHOULD be configured, and then talk about optional extensions or alternatives. As currently written, I am not sure I could figure out just what an implementer MUST support. David Harrington dbharrington at comcast.net ietfdbh at comcast.net dharrington at huawei.com