[secdir] Secdir last call review of draft-ietf-lwig-crypto-sensors-05

Christian Huitema <huitema@huitema.net> Mon, 19 February 2018 20:22 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E1104124E15; Mon, 19 Feb 2018 12:22:40 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Christian Huitema <huitema@huitema.net>
To: <secdir@ietf.org>
Cc: lwip@ietf.org, ietf@ietf.org, draft-ietf-lwig-crypto-sensors.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.72.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151907176089.18767.4773052547289438438@ietfa.amsl.com>
Date: Mon, 19 Feb 2018 12:22:40 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/_m6MkJmjfWJL5icWkF5yG-1aPEQ>
Subject: [secdir] Secdir last call review of draft-ietf-lwig-crypto-sensors-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 20:22:41 -0000

Reviewer: Christian Huitema
Review result: Ready

I already reviewed the previous version of this draft. I like its practical
approach of implementations and the cost of various algorithms, and I think
that the data in the draft will be useful when discussing security approaches
for small devices. I am happy to see the feedback on privacy issues was taken
into account. The document now states clearly that "long-term static identities
makes it easy to track the devices (and their owners) when they move... (or)
across ownership changes."

I have just one small nit. I like the recommendation "to generate new
identities at appropriate times during their lifecycle.  For example, after a
factory reset or an ownership handover." I wish that it would be somehow listed
as one of the bullets in section 9, "Summary".