Telechat Review of draft-ietf-tcpinc-tcpcrypt-09
review-ietf-tcpinc-tcpcrypt-09-secdir-telechat-leiba-2017-11-11-00

Request Review of draft-ietf-tcpinc-tcpcrypt
Requested rev. no specific revision (document currently at 10)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2017-11-28
Requested 2017-10-25
Other Reviews Rtgdir Telechat review of -07 by John Drake (diff)
Opsdir Last Call review of -07 by Zitao Wang (diff)
Secdir Last Call review of -07 by Stephen Kent (diff)
Genart Last Call review of -07 by Dale Worley (diff)
Review State Completed
Reviewer Barry Leiba
Review review-ietf-tcpinc-tcpcrypt-09-secdir-telechat-leiba-2017-11-11
Posted at https://mailarchive.ietf.org/arch/msg/secdir/oCFuC2f7dzt3x2_AJWR3rs9s3Po
Reviewed rev. 09 (document currently at 10)
Review result Has Issues
Draft last updated 2017-11-11
Review closed: 2017-11-11

Review

I’ve looked at Stephen Kent’s review and the discussion thereof, and have little to add to that. A couple of small things:

1. Section 3 says that the subsections “describes the tcpcrypt protocol at an abstract level.”  There is no sense in which this description is abstract, and I’d prefer that we not try to say it is, because that gives a reader an expectation that it will be high-level, and perhaps even non-normative.  Maybe this?:

NEW
   This section provides details of the operation of the tcpcrypt protocol.
   The wire format of all messages is specified in Section 4.
END

2. In Section 7 (IANA), you say:

   Tcpcrypt's TEP identifiers will need to be incorporated in IANA's
   "TCP encryption protocol identifiers" registry under the
   "Transmission Control Protocol (TCP) Parameters" registry

I can find no such registry.  Can you help me here, maybe give me a URL?

Also, with respect to the new “tcpcrypt AEAD Algorithm” registry:

   Future assignments are to be made under the "RFC Required" policy

Note that that policy allows for assignments to be made in any RFC stream, which includes the IRTF, the IAB, and the Independent Stream.  Do you really want people to be able to send documents to the Independent Stream Editor, and to have them published and make assignments with minimal review?

You might consider whether “IETF Review” is more appropriate.  That allows RFCs of any type (Standards Track, Informational, Experimental, BCP), but requires that they be in the IETF stream and have a formal IETF last call.

It will also help IANA if you make it clear what the valid range of values is for the “Value” column. Is 0x0000 valid? Is 0xFFFF the maximum? Explicitly saying that values must be in the range 0x0001 to 0xFFFF inclusive will be helpful. (I say this with particular note that you changed how the Value field is specified between -07 and -09, so this clearly has not even been clear to the spec developers.)