[Suit] Secdir last call review of draft-ietf-suit-architecture-11

Rich Salz via Datatracker <noreply@ietf.org> Thu, 27 August 2020 16:11 UTC

Reviewer: Rich Salz
Review result: Ready

The security directorate tries to review all IETF documents prior to IESG
review. This should be considered as input to the security ADs, or otherwise
general Last Call comments.

I apologize for the lateness of this review. Hopefully since a new draft is
expected, this might be useful anyway.

This is READY (reasonable folks may disagree of course).  There are no nits
that aren't already covered. I have some suggestions:
- I wish the terminology were in alphabetical order.
- The requirements list should say "each is covered in more detail in the
  following subsections" or similar.

The topic, updating firmware on IoT devices, is very important. The document
defines requirements, explains why, and then describes an architecture that
could meet those requirements. Examples cover a variety of instantiations. I
think this is the first time I have seen a ladder diagram for processing steps,
as opposed to protocol interchanges.  This is a very well-written document.