[secdir] secdir review of draft-ietf-ippm-multimetrics

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 23 August 2009 17:33 UTC

To: secdir@ietf.org, draft-ietf-ippm-multimetrics@tools.ietf.org, ippm-chairs@tools.ietf.org, sec-ads@ietf.org

Hi,

This is a security directorate review; editors should treat these
comments as any other last call comments.

The draft defines new "spatial" and multi-party metrics.

1. The security considerations section refers to the same section in
RFCs 2679, 2680 (are those identical?), 3393 and 3432. Those are all
pretty brief (~3 paragraphs) and don't really say much. Presumably this
was considered ok when those were produced so if the ADs are happy that
that remains the case, then it's ok that this draft refers to those as
if they were more detailed than they are.

2. If I am a point of interest presumably I could send bad results in
order to attempt to get someone to reconfigure the network so as to
offer me better service or give someone else worse service. I would
think that that may warrant a specific mention as a security
consideration. The current text doesn't seem to cover that and I
guess I'd argue that this is more likely for a one-to-group measurement.

Regards,
Stephen.

Editorial/Nits:

- Are the "x" and "X" characters different in Figure 2? I think they
are, but the legend only mentions the "x" as not being of interest.
Maybe use Y/N instead but do say if the "X" (or "Y") are of interest.

- The acronym ipdv is used without expansion in section 3.

- 5.1.5 s/DTi+1/dTi+1/

- 5.2 s/from the section 2/from section 2/

- 8.0 s/This kind of statistics/This kind of statistic/ or
       /These kinds of statistics/

- 8.1 s/The packet loss/Packet loss/  (There are a number of
such language changes that should be made.)

- 10.4 In the information model should hosts_serie be hosts_series?
(same for other xxx_serie elements)