[secdir] review of draft-ietf-karp-threats-reqs-05

Stephen Kent <kent@bbn.com> Wed, 11 July 2012 19:42 UTC

Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 8E85821F8541 for <secdir@ietfa.amsl.com>; Wed, 11 Jul 2012 12:42:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id te4iv7zS2ijZ for <secdir@ietfa.amsl.com>; Wed, 11 Jul 2012 12:42:53 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com []) by ietfa.amsl.com (Postfix) with ESMTP id D689421F8549 for <secdir@ietf.org>; Wed, 11 Jul 2012 12:42:51 -0700 (PDT)
Received: from dhcp89-089-043.bbn.com ([]:50786) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1Sp2ob-000MSB-Ca; Wed, 11 Jul 2012 15:43:13 -0400
Message-ID: <4FFDD751.2050200@bbn.com>
Date: Wed, 11 Jul 2012 15:43:13 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: secdir <secdir@ietf.org>
Content-Type: multipart/mixed; boundary="------------020507060409010901070104"
Cc: manav.bhatia@alcatel-lucent.com, gregory.ietf@gmail.com, stbryant@cisco.com
Subject: [secdir] review of draft-ietf-karp-threats-reqs-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 19:42:53 -0000

This is a re-review of this document.  I reviewed version -03 in August 
of 2011. I provided an extensive
set of comments and edits in  an effort to improve the readability of 
this doc.  Some of the edits were
accepted, but many others have been ignored. New text (several pages 
worth) has been added, which has not improved the overall quality of the 

This document is very, very badly written. It includes made-up names for 
attacks, bad definitions, a messed-up terminology section, an 
inconsistent discussion of threats and attacks, and a set of 
"requirements" that are a mix of useful, vague, and silly statements. 
(One of my favorite examples is the definition of INTERFERENCE attacks, 
which begins by saying that "ADDING NOISE" is a type of INTERFERENCE 
attack. Since this does not appear to be a discussion taking  place in 
the RF context, this is not a helpful bullet! The extensive use of 
uppercase words
is also not much of an aid to readability.)

The threat/attack discussion is a hodgepodge; it gives the reader the 
sense that the topics that have been included are arbitrary, with no 
sense of a taxonomy or a comprehensive, consistent treatment of threats 
and attacks.

This document requires significant work to become an RFC that will be a 
useful guide for the KARP WG,
and not an embarrassment to the IETF.

An annotated, edited version of the doc is attached.