[secdir] review of draft-ietf-karp-threats-reqs-05
Stephen Kent <kent@bbn.com> Wed, 11 July 2012 19:42 UTC
Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E85821F8541 for <secdir@ietfa.amsl.com>; Wed, 11 Jul 2012 12:42:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id te4iv7zS2ijZ for <secdir@ietfa.amsl.com>; Wed, 11 Jul 2012 12:42:53 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id D689421F8549 for <secdir@ietf.org>; Wed, 11 Jul 2012 12:42:51 -0700 (PDT)
Received: from dhcp89-089-043.bbn.com ([128.89.89.43]:50786) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1Sp2ob-000MSB-Ca; Wed, 11 Jul 2012 15:43:13 -0400
Message-ID: <4FFDD751.2050200@bbn.com>
Date: Wed, 11 Jul 2012 15:43:13 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: secdir <secdir@ietf.org>
Content-Type: multipart/mixed; boundary="------------020507060409010901070104"
Cc: manav.bhatia@alcatel-lucent.com, gregory.ietf@gmail.com, stbryant@cisco.com
Subject: [secdir] review of draft-ietf-karp-threats-reqs-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 19:42:53 -0000
This is a re-review of this document. I reviewed version -03 in August of 2011. I provided an extensive set of comments and edits in an effort to improve the readability of this doc. Some of the edits were accepted, but many others have been ignored. New text (several pages worth) has been added, which has not improved the overall quality of the document. This document is very, very badly written. It includes made-up names for attacks, bad definitions, a messed-up terminology section, an inconsistent discussion of threats and attacks, and a set of "requirements" that are a mix of useful, vague, and silly statements. (One of my favorite examples is the definition of INTERFERENCE attacks, which begins by saying that "ADDING NOISE" is a type of INTERFERENCE attack. Since this does not appear to be a discussion taking place in the RF context, this is not a helpful bullet! The extensive use of uppercase words is also not much of an aid to readability.) The threat/attack discussion is a hodgepodge; it gives the reader the sense that the topics that have been included are arbitrary, with no sense of a taxonomy or a comprehensive, consistent treatment of threats and attacks. This document requires significant work to become an RFC that will be a useful guide for the KARP WG, and not an embarrassment to the IETF. An annotated, edited version of the doc is attached. Steve
- [secdir] review of draft-ietf-karp-threats-reqs-05 Stephen Kent