Last Call Review of draft-ietf-roll-building-routing-reqs-
review-ietf-roll-building-routing-reqs-secdir-lc-atkins-2009-05-24-00
Request | Review of | draft-ietf-roll-building-routing-reqs |
---|---|---|
Requested revision | No specific revision (document currently at 09) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2009-03-06 | |
Requested | 2009-02-20 | |
Authors | Jerry Martocci , Pieter Mil , Nicolas Riou , Wouter Vermeylen | |
I-D last updated | 2009-05-24 | |
Completed reviews |
Secdir Last Call review of -??
by Derek Atkins
Secdir Telechat review of -?? by Derek Atkins |
|
Assignment | Reviewer | Derek Atkins |
State | Completed | |
Request | Last Call review on draft-ietf-roll-building-routing-reqs by Security Area Directorate Assigned | |
Completed | 2009-05-24 |
review-ietf-roll-building-routing-reqs-secdir-lc-atkins-2009-05-24-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The Routing Over Low power and Lossy network (ROLL) Working Group has been chartered to work on routing solutions for Low Power and Lossy networks (LLN) in various markets: Industrial, Commercial (Building), Home and Urban. Pursuant to this effort, this document defines the routing requirements for building automation. The Security Considerations appear to take into account various requirements for different systems. What seems to be lacking is direction about how or when to apply various requirements and what it means to the deployment. For example, what would it mean to a deployment if it has authentication versus not having authentication? Also, it's unclear how these requirements would apply to an implementor. Variable security policies is a good idea, but it requires more guidance because the end user will never understand the ramifications of choosing one policy over another. -derek -- Derek Atkins 617-623-3745 derek at ihtfp.com www.ihtfp.com Computer and Internet Security Consultant