[tcpinc] Secdir telechat review of draft-ietf-tcpinc-tcpcrypt-09

Barry Leiba <barryleiba@computer.org> Sun, 12 November 2017 05:16 UTC

Return-Path: <barryleiba@computer.org>
X-Original-To: tcpinc@ietf.org
Delivered-To: tcpinc@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FBC1128D8B; Sat, 11 Nov 2017 21:16:13 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Barry Leiba <barryleiba@computer.org>
To: <secdir@ietf.org>
Cc: draft-ietf-tcpinc-tcpcrypt.all@ietf.org, tcpinc@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.65.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151046377334.30804.5873766900092971520@ietfa.amsl.com>
Date: Sat, 11 Nov 2017 21:16:13 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/tTSvtVqM_cQ5-vaZ1ivrgkFC_9E>
Subject: [tcpinc] Secdir telechat review of draft-ietf-tcpinc-tcpcrypt-09
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Nov 2017 05:16:13 -0000

Reviewer: Barry Leiba
Review result: Has Issues

I’ve looked at Stephen Kent’s review and the discussion thereof, and have
little to add to that.  A couple of small things:

1. Section 3 says that the subsections “describes the tcpcrypt protocol at an
abstract level.”  There is no sense in which this description is abstract, and
I’d prefer that we not try to say it is, because that gives a reader an
expectation that it will be high-level, and perhaps even non-normative.  Maybe
this?:

NEW
   This section provides details of the operation of the tcpcrypt protocol.
   The wire format of all messages is specified in Section 4.
END

2. In Section 7 (IANA), you say:

   Tcpcrypt's TEP identifiers will need to be incorporated in IANA's
   "TCP encryption protocol identifiers" registry under the
   "Transmission Control Protocol (TCP) Parameters" registry

I can find no such registry.  Can you help me here, maybe give me a URL?

Also, with respect to the new “tcpcrypt AEAD Algorithm" registry:

   Future assignments are to be made under the "RFC Required" policy

Note that that policy allows for assignments to be made in any RFC stream,
which includes the IRTF, the IAB, and the Independent Stream.  Do you really
want people to be able to send documents to the Independent Stream Editor, and
to have them published and make assignments with minimal review?

You might consider whether “IETF Review” is more appropriate.  That allows RFCs
of any type (Standards Track, Informational, Experimental, BCP), but requires
that they be in the IETF stream and have a formal IETF last call.

It will also help IANA if you make it clear what the valid range of values is
for the “Value” column.  Is 0x0000 valid?  Is 0xFFFF the maximum?  Explicitly
saying that values must be in the range 0x0001 to 0xFFFF inclusive will be
helpful.  (I say this with particular note that you changed how the Value field
is specified between -07 and -09, so this clearly has not even been clear to
the spec developers.)