Telechat Review of draft-ietf-taps-transport-security-11
review-ietf-taps-transport-security-11-iotdir-telechat-sethi-2020-04-01-00

Request Review of draft-ietf-taps-transport-security
Requested revision No specific revision (document currently at 12)
Type Telechat Review
Team Internet of Things Directorate (iotdir)
Deadline 2020-04-07
Requested 2020-03-26
Requested by Éric Vyncke
Authors Reese Enghardt, Tommy Pauly, Colin Perkins, Kyle Rose, Christopher A. Wood
Draft last updated 2020-04-01
Completed reviews Secdir Early review of -05 by Paul Wouters (diff)
Genart Last Call review of -09 by Meral Shirazipour (diff)
Secdir Last Call review of -09 by Paul Wouters (diff)
Intdir Telechat review of -11 by Brian Haberman (diff)
Iotdir Telechat review of -11 by Mohit Sethi (diff)
Opsdir Telechat review of -11 by Susan Hares (diff)
Secdir Telechat review of -11 by Paul Wouters (diff)
Assignment Reviewer Mohit Sethi
State Completed
Review review-ietf-taps-transport-security-11-iotdir-telechat-sethi-2020-04-01
Posted at https://mailarchive.ietf.org/arch/msg/iot-directorate/xTVOvQ7kI78sDPZQuVsTvGB2x0s
Reviewed revision 11 (document currently at 12)
Result Ready with Nits
Completed 2020-04-01
This document provides a summary of common security protocols. It then
discusses the interfaces that exist between applications and security protocols
as well as security protocols and transport services.

Major issues: The document header says that this document is about interfaces
between security protocols and transport services. Yet, later on, I find that
the document is also discussing the interfaces between security protocols and
applications. Perhaps you could add 'applications' to the title -> 'Interaction
Between Applications, Security Protocols, and Transport Services'

Editorial issues:
- Instead of saying 'This protocol obsoletes TCP MD5 "signature" options', can
  we say 'TCP-AO obsoletes....' to avoid confusion of what is 'this'
- Please expand 'and IPsec AH [RFC4302]' -> IP Authentication Header
- Are you talking about cryptographic agility here 'security protocols:
  confidentiality, privacy protections, and agility.' ?
- Consider changing 'interface surface exposed' -> 'interface exposed by'.
  Otherwise it sounds too similar to attack surface exposed.
- Expand EAP and reference RFC3748.
- Perhaps you could say that Source Address Validation (SAV) to prevent DoS is
  relevant for protocols that use unreliable transport?