[ippm] Secdir last call review of draft-ietf-ippm-stamp-srpm-11

Kathleen Moriarty via Datatracker <noreply@ietf.org> Sat, 27 May 2023 12:01 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Kathleen Moriarty via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-ippm-stamp-srpm.all@ietf.org, ippm@ietf.org, last-call@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <168518891417.37288.16035640571886484945@ietfa.amsl.com>
Reply-To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Date: Sat, 27 May 2023 05:01:54 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/TNY0Z6a2ETqEf_TOVHpllnqJo1Q>
Subject: [ippm] Secdir last call review of draft-ietf-ippm-stamp-srpm-11

Reviewer: Kathleen Moriarty
Review result: Has Nits

The security considerations could be slightly expanded to refer to the
"encrypted mode" and "authenticated mode" that is referenced from RFC8545
security considerations. Perhaps a direct reference to where those are
specified would be better than the current reference as that just states in the
security considerations section that they are recommended, but that document
does not define those options. The reader would then be able to jump to those
documents/sections rather than having to take multiple steps to see what the
additional security options include.

The limit on where this protocol used provides good context. It's also good
that the integrity protection is built-in. I appreciate the working group and
authors efforts to build-in security options. Well done!

[ippm] Secdir last call review of draft-ietf-ippm… Kathleen Moriarty via Datatracker