Re: [secdir] SecDir review of draft-ietf-ecrit-car-crash-20

Randall Gellens <> Thu, 05 January 2017 19:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0C84D129640; Thu, 5 Jan 2017 11:12:34 -0800 (PST)
X-Quarantine-ID: <N23SODGAmOnO>
X-Virus-Scanned: amavisd-new at
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "MIME-Version"
X-Spam-Flag: NO
X-Spam-Score: -5
X-Spam-Status: No, score=-5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-3.1] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id N23SODGAmOnO; Thu, 5 Jan 2017 11:12:33 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 9F08A129646; Thu, 5 Jan 2017 11:12:28 -0800 (PST)
Received: from [] ( by with ESMTP (EIMS X 3.3.9); Thu, 5 Jan 2017 11:11:38 -0800
Mime-Version: 1.0
Message-Id: <p06240605d4944afd3ed4@[]>
In-Reply-To: <C02846B1344F344EB4FAA6FA7AF481F12B099E25@SZXEMA502-MBS.china.huawei.c om>
References: <C02846B1344F344EB4FAA6FA7AF481F12B099E25@SZXEMA502-MBS.china.huawei.c om>
X-Mailer: Eudora for Mac OS X
Date: Thu, 5 Jan 2017 11:12:23 -0800
To: "Xialiang (Frank)" <>, secdir <>, The IESG <>, "" <>
From: Randall Gellens <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Random-Sig-Tag: 1.0b28
X-Random-Sig-Tag: 1.0b28
X-Random-Sig-Tag: 1.0b28
X-Random-Sig-Tag: 1.0b28
Archived-At: <>
Subject: Re: [secdir] SecDir review of draft-ietf-ecrit-car-crash-20
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 05 Jan 2017 19:12:34 -0000

Hi Frank,

Thank you for your review.


At 3:36 AM +0000 1/5/17, Xialiang (Frank) wrote:

>  Hello,
>  I have reviewed this document as part of the security directorate's 
> ongoing effort to review all IETF documents being processed by the 
> IESG.  These comments were written primarily for the benefit of the 
> security area directors.  Document editors and WG chairs should 
> treat these comments just like any other last call comments.
>  This document describes how to use IP-based emergency services 
> mechanisms to support the next generation of emergency calls placed 
> by vehicles and conveying vehicle, sensor, and location data 
> related to the crash or incident. Comparing to the ECRIT basic 
> drafts [draft-ietf-ecrit-ecall] [RFC7852], this extension draft 
> mostly reuses the same technical aspects of the basic drafts, with 
> the introduction of some new things: a new set of vehicle (crash) 
> data -- the Vehicle Emergency Data Set (VEDS), new attribute values 
> to the metadata/control object, a new SIP INFO package of the VEDS 
> MIME type, etc.
>  Since most technical aspects of this draft are unchanged from the 
> basic drafts, all the security considerations in them apply for 
> this draft well. The security consideration in [RFC5069] applies 
> for this draft too. And these basic drafts already have very 
> comprehensive and detailed considerations about privacy and 
> security threats. Regarding the new introduced data and action 
> values, this draft discusses the general security mechanisms to 
> protect their CIA (e.g., certificate, encryption, ...) too. In 
> Summary, I have no more security issues.
>  Summary: this document appears in reasonably good shape, and is 
> written well. I think it is ready.
>  Thanks!
>  B.R.
>  Frank

Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly selected tag: ---------------
If you would look up bad labor relations in the dictionary, you
would have an American Airlines logo beside it.
    --U.S. District Judge Joe Kendall, issuing a restraining order
against an American Airlines APA pilot union sick out, 10 Feb 1999.