Last Call Review of draft-ietf-savi-framework-
review-ietf-savi-framework-secdir-lc-eastlake-2011-11-08-00

Request Review of draft-ietf-savi-framework
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-11-01
Requested 2011-10-07
Authors Jianping Wu, Jun Bi, Marcelo Bagnulo, Fred Baker, Christian Vogt
Draft last updated 2011-11-08
Completed reviews Secdir Last Call review of -?? by Donald Eastlake
Tsvdir Last Call review of -?? by Martin Stiemerling
Assignment Reviewer Donald Eastlake 
State Completed
Review review-ietf-savi-framework-secdir-lc-eastlake-2011-11-08
Review completed: 2011-11-08

Review
review-ietf-savi-framework-secdir-lc-eastlake-2011-11-08

draft-ietf-savi-framework-05.txt

This document is a high level framework for SAVI and references a
number of other documents. As such, I think that the Security
Considerations section is probably of adequate depth. However, there
are a number of wording problems, both clarity and grammar, that I
believe should be fixed, particularly in the Security Consideration
section (Section 10) where there is one sentence I really didn't
understand. See below.

Also, as an Information document, it cannot have Normative References
and all such should be reclassified as Informative.

  In the first sentence of the last paragraph of Section 3.1, it is a
  bit hard to tell that "single" is supposed to modify "method" rather
  than "IP Address". I suggest replacing "each single IP address
  configuration method" with "each single method for IP address
  configuration individually". Unless, of course, I am more confused
  by this document than I think and "single" was supposed to modify
  "IP Address".

  Section 3.2, first bullet, suggest adding a reference to RFC 5342.

  Section 7, second sentence has problems. Suggest replacing with "This
  document suggests 3 prefix configuration mechanisms for SAVI
  devices:".

  Section 7, first bullet, the acronym SLACC is used without
  definition or reference. Since it is only used twice, both instances
  being in this bullet, I suggest it be spelled out in full.

  Section 7, first bullet item, what does "feasible" mean? Should "a
  feasible" be replaced with "an allowed"?

  Section 7, second bullet item, the acronym RA is used without
  definition or reference. Since it is only used twice, both instances
  being in this bullet, I suggest it be spelled out in full.

  Section 7, third bullet item, the acronym DHCP-PD is used without
  definition or reference. Since it is only used twice, both instances
  being in this bullet, I suggest it be spelled out in full (not
  "DHCP", just "PD").

  Section 7, last sentence: the word "present" seems to be used in the
  sense of displaying to someone. How and to whom is this
  presentation?

  Section 10: I was a bit befuddled by the sentence "Besides, the
  binding may not accord with the address management requirement,
  which can be more specified for each client." The word "client" is
  used nowhere else in this document. What does this sentence mean and
  to what does "client" refer?


Smaller Nits:

  People will probably figure it out but the first occurrence of
  Source Address Validation Improvement in the Introduction (and
  Abstract) should be followed by "(SAVI)".

  In the first sentence of Section 3.1, I would replace "traces" with
  "monitors" or "snoops". (The word "snoop" is used elsewhere in the
  document.)

  Section 5, third bullet, "in hosts to communicate" -> "in hosts
  communicating".

  Section 6, first paragraph, last sentence, "in mix scenario" -> "in
  this mixed scenario".

  Section 6, second paragraph, last three sentences have
  problems. Suggest "Current address assignment method standards
  documents have implied a prioritized relationship in general
  cases. However, in some scenarios, the default prioritizing may not
  be suitable. Configurable prioritization levels should be supported
  in a SAVI solution for the mixed scenario."

  Section 7, next to last sentence/paragraph, "is" -> "are" and insert
  "the" after "implies".

  Section 10, last sentence, suggest replacing with "Cryptographically
  based authentication is the only way to meet a requirement for
  strong security of IP addresses."


Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3 at gmail.com