[secdir] Secdir early review of draft-ietf-anima-autonomic-control-plane-13

Liang Xia <frank.xialiang@huawei.com> Sat, 24 February 2018 03:28 UTC

From: Liang Xia <frank.xialiang@huawei.com>
To: <secdir@ietf.org>
Cc: anima@ietf.org, ietf@ietf.org, draft-ietf-anima-autonomic-control-plane.all@ietf.org
Message-ID: <151944288538.13853.12008661353663855742@ietfa.amsl.com>
Date: Fri, 23 Feb 2018 19:28:05 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/4pcdI-DkVzdNfT8IqDGZmOQWnow>
Subject: [secdir] Secdir early review of draft-ietf-anima-autonomic-control-plane-13

Reviewer: Liang Xia
Review result: Has Issues

In general, this document is well-written and considers security issues
carefully throughout the whole architecture.

nits:
Abstract: /or not misconfigured/or misconfigured/

the fifth paragraph of section 6.1: the last ")" is redundant, therefore can be
deleted

some section titles don't comply with the rule of starting with a capital letter

section 6.5
/("IP security", see [RFC4301] and "Internet Key Exchange protocol version 2",
see [RFC7296]/("IP security", see [RFC4301] and "Internet Key Exchange protocol
version 2", see [RFC7296])/

suggestion:
all the Figures (e.g., Figure 1,2...) should have a title for explanation

section 2, please update the last paragraph to reference RFC8174 to indicate
that lowercase versions of the keywords are not normative

Section 11 (Security Considerations): Since section 9.2 has described the
self-protection properties of ACP well, it may be useful in this section to
mention them as a whole.