[secdir] secdir review of draft-richardson-roll-applicability-template-01

"Dan Harkins" <dharkins@lounge.org> Wed, 20 February 2013 22:32 UTC

To: secdir@ietf.org, iesg@ietf.org, draft-richardson-roll-applicability-template.all@tools.ietf.org

  Hello,

  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

  Boilerplate aside, I hope that this document is not being processed
by the IESG because I don't think it's suitable for publishing even as
an Informational RFC (its intended status). It seems to have the right
sections to properly articulate the ROLL Applicability Statement but
there is no content there so it is not suitable for any purpose as a
stand-alone document and it's not really possible to review it. This
seems more like an internal placeholder document for the ROLL WG
to work on as a precursor to producing a real applicability statement
and not the kind of document that the IETF normally produces, and
that the Security Area Directorate normally reviews.

  Some suggestions for improving this template so some other
draft that would be suitable for advancement could be written:

  - Instead of "Hello", I think the content of "1. Introduction"
     should be a description of what the applicability statement
     will be and what it's for, that way this text can just be copied
     into the real applicability statement. It seems like a template
     should provide this information.
  - Make a 1.2 for terminology and put "RPL" and "trickle" there
     along with some other ROLL-related terms.
  - There are probably different security considerations for P2P
     and P2MP communication, probably split those out in
     section 6 so the applicability statement addresses them.
  - 4.2.1 should be "Services Provided at Layer 2" or something
     general like that. If you need an expert that might be better
     noted as a parenthetical comment for 4.2.

  regards,

  Dan.