[Roll] Secdir last call review of draft-ietf-roll-aodv-rpl-09

Tero Kivinen via Datatracker <noreply@ietf.org> Mon, 22 March 2021 16:41 UTC

Reviewer: Tero Kivinen
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

The title of the draft has some acronyms which are not expanded (AODV, P2P) and
if you expand them the title becomes way too long. I would propose a usable
title, which might not need to use all possible acronyms, but would better
explain what this document is trying to do.

This draft defines a new mode of operation to allow peer-to-peer on-demand
routing in low power and lossy networks. I do not have enough knowledge of RPL to
really know how the new mode differs from the old methods. The security
considerations section points to RFC6550, and then explains that if a rogue
router has the key it can do all kinds of things.

Nits:

In section 1 the text "RPL [RFC6550] (Routing Protocol for Low-Power and Lossy
Networks)" defines acronyms differently than what is used everywhere else. In
all other cases the document uses the format where the acronym is in parentheses
after the full text, i.e. the "Routing Protocol for Low-Power and Lossy Networks
(RPL) [RFC6550]" format. I would propose using the same format here as well.

In section 1 there is the acronym DAG, which is not expanded; expand it on first
use. Also there are unexpanded acronyms DAO, P2MP, which are not used anywhere
else; perhaps just expand them here. In the same paragraph there is also the acronym
MOP, which is not expanded here on its first use, but it is expanded later.
Expand it here on its first use.

What is the difference between different reserve bits X and r in sections
4.1/4.2 and 4.3?

Period missing from the end of the sentence of the Option Length description in
Section 4.3.

In the IANA considerations section I propose adding a note to the RFC editor saying
that the sentences saying "The parenthesized numbers are only suggestions."
need to be removed prior to publication.