Early Review of draft-ietf-p2psip-share-08

Request Review of draft-ietf-p2psip-share
Requested rev. no specific revision (document currently at 10)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2016-11-01
Requested 2016-03-31
Draft last updated 2016-04-07
Completed reviews Genart Last Call review of -09 by Matthew Miller (diff)
Secdir Early review of -08 by Russ Housley (diff)
Secdir Last Call review of -09 by Russ Housley (diff)
Opsdir Last Call review of -09 by Rick Casarez (diff)
Assignment Reviewer Russ Housley
State Completed
Review review-ietf-p2psip-share-08-secdir-early-housley-2016-04-07
Reviewed rev. 08 (document currently at 10)
Review result Not Ready
Review completed: 2016-04-07


I reviewed this document for the Security Directorate after a request
by the ART AD for an early review.

Version reviewed: draft-ietf-p2psip-share-08

Summary: Not Ready (from a Security Directorate perspective)

Major Concerns:

In Section 3.1, there is an algorithm for assigning index values, and
the text says that the high-order 24 bits of the Node-ID serve as a
pseudo-random identifier.  Since these 24 bits are obtained from the
certificate that will be used to sign the stored data, the I think that
the same bits will be used over and over.  If I got this correct, then
they are not pseudo-random.

In addition, Section 3.1 points to RFC 3550, Section 8.1 for a
discussion of the probability of a collision.  The consequences of a
collision seem to be different in the two documents.  The consequences
of a collision in the index should be clearly described in this

Minor Concerns:  None


Please pick one spelling for Resource-IDs. (This is the spelling used
in RFC 6940.)  However, this document sometimes uses "Resource Id".

Section 4.1 includes several examples for array indices.  All of
them are more than 32 bits: 0x123abc001, 0x123abc002, 0x123abc003,
0x123abc004, and 0x456def001.  The most straightforward solution is
to drop one of the zero digits.

To improve readability, I think the first sentence of Section 5.1
should read: "In certain use cases, such as conferencing, it is

Section 5.1 says:

   When defining the pattern, care must be taken to avoid conflicts
   arising from two user names of witch one is a substring of the other.

I think this paragraph would be improved with an acceptable example and
a problematic example.

In Section 5.3: s/AOR/Address of Record (AOR)/

In Section 6.2: s/This allows to invalidate entire subtrees/
                 /This allows the invalidation of entire subtrees/

In Section 8, please provide a reference for RELOAD.