[secdir] SECDIR review of draft-ietf-6lowpan-usecases-09.txt

Donald Eastlake <d3e3e3@gmail.com> Mon, 28 February 2011 03:42 UTC

From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 27 Feb 2011 22:43:03 -0500
Message-ID: <AANLkTikErRCyk5CryOvRXO-zz6OYd55KUDESf81gZQjv@mail.gmail.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-6lowpan-usecases.all@tools.ietf.org

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. Document editors and WG chairs should treat
these comments just like any other last call comments.

As you might guess from the draft name, this is an informational
document describing a number of use cases for low-power wireless
personal area networks. The security considerations section,
reasonably enough, briefly indicates why different use cases may have
considerably different security requirements and what some types of
such security requirements could be.

The thing that I think is lacking is some hint as to where to look to
find possible mechanisms to meet those requirements. For this type of
document, no detailed analysis of mechanisms is needed. But I would
feel better if a sentence could be added such as follows (with some
alternative wording in square brackets): "These varied security
requirements [can commonly][are expected to] be met by the use of
mechanisms such as IPsec and IKE, TLS, or 802.15.4 link security." If
there is an appropriate security mechanism survey document that would
be fine. I did look at RFC 4919 as something that could be referenced
and it seems too preliminary and tentative. RFC 4944 is only a little
better. Perhaps there should be a reference to
draft-qiu-6lowpan-secure-router at least as an example of work in
progress in this area.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street
 Milford, MA 01757 USA
 d3e3e3@gmail.com