[secdir] Secdir last call review of draft-ietf-ippm-stamp-srpm-11

Kathleen Moriarty via Datatracker <noreply@ietf.org> Sat, 27 May 2023 12:01 UTC

From: Kathleen Moriarty via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-ippm-stamp-srpm.all@ietf.org, ippm@ietf.org, last-call@ietf.org
Reply-To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Date: Sat, 27 May 2023 05:01:54 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/J8Cfa3nCl3AGq5cd24cQq-InmKM>

Reviewer: Kathleen Moriarty
Review result: Has Nits

The security considerations could be slightly expanded to refer to the
"encrypted mode" and "authenticated mode" that are referenced from the RFC8545
security considerations. Perhaps a direct reference to where those are
specified would be better than the current reference, as that just states in the
security considerations section that they are recommended, but that document
does not define those options. The reader would then be able to jump to those
documents/sections rather than having to take multiple steps to see what the
additional security options include.

The limit on where this protocol is used provides good context. It's also good
that the integrity protection is built in. I appreciate the working group's and
authors' efforts to build in security options. Well done!