Last Call Review of draft-ietf-manet-ibs-03
review-ietf-manet-ibs-03-genart-lc-thomson-2014-10-24-00

Request Review of draft-ietf-manet-ibs
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2014-10-27
Requested 2014-10-16
Authors Christopher Dearlove
Draft last updated 2014-10-24
Completed reviews Genart Last Call review of -03 by Martin Thomson (diff)
Assignment Reviewer Martin Thomson 
State Completed
Review review-ietf-manet-ibs-03-genart-lc-thomson-2014-10-24
Reviewed rev. 03 (document currently at 05)
Review result Ready with Issues
Review completed: 2014-10-24

Review
review-ietf-manet-ibs-03-genart-lc-thomson-2014-10-24

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
< 

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please wait for direction from your document shepherd
or AD before posting a new version of the draft.

Document: draft-ietf-manet-ibs-03
Reviewer: Martin Thomson
Review Date: 2014-10-23
IETF LC End Date: 2014-10-27
IESG Telechat date: (if known)

Summary: Ready with questions.

The language is quite clear and precise.  I did find that
comprehension required a non-trivial amount of digging into other
documents, but nothing was particularly hard to find.

This has a downref to 6507 (I see this in the shepherd writeup).

Questions:
The security considerations notes that the trusted authority has
access to private keys.  That would seem to defeat much of the benefit
of using asymmetric crypto here.  Why is this considered acceptable in
this context?  (I'd have thought it to be unacceptable in any context
when superior alternatives exist.)

The document mentions revocation, but does not seem to specify
anything.  If that is intentional, shouldn't the draft be more forward
about that?  (I only skimmed 6507 and the other docs, so I apologize
if I missed something.

Nits:
S4.1: duplicate "in in"

S5: It's probably not necessary to amend the reserved codepoints in
the registry: that rots quickly.