Early Review of draft-ietf-roll-applicability-ami-07
review-ietf-roll-applicability-ami-07-secdir-early-lonvick-2013-12-19-00

Request Review of draft-ietf-roll-applicability-ami
Requested rev. no specific revision (document currently at 15)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2016-05-03
Requested 2013-11-28
Authors Nancy Cam-Winget, Jonathan Hui, Daniel Popa
Draft last updated 2013-12-19
Completed reviews Genart Last Call review of -12 by Christer Holmberg (diff)
Secdir Early review of -07 by Chris Lonvick (diff)
Secdir Last Call review of -12 by Chris Lonvick (diff)
Opsdir Last Call review of -12 by Susan Hares (diff)
Assignment Reviewer Chris Lonvick 
State Completed
Review review-ietf-roll-applicability-ami-07-secdir-early-lonvick-2013-12-19
Reviewed rev. 07 (document currently at 15)
Review result Has Issues
Review completed: 2013-12-19

Review
review-ietf-roll-applicability-ami-07-secdir-early-lonvick-2013-12-19

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The document is incomplete but it appears that the authors know where
they want to go with it.

I would recommend that the Security Considerations section point to the
Security Considerations section of RFC 6550 (RPL) and say that the
roll-applicability-ami document is a description of the applicability of
6550 to the ami, therefore the considerations of 6550 apply.

The authors note that other security mechanisms may be used, which would
mean that the security functions of RPL would not be needed.  I would
recommend that a section of the Security Considerations be added for each
instance where the RPL security mechanisms are not to be used.  Each of
those sections should show how the replacement mechanisms will meet the
requirements of the RPL security services that are described in 6550.

I also see that the authors are also trying to address the initial
deployment and incremental deployments, which is laudable.  The authors
may wish to look at restructuring the Security Considerations section to
address these things through the FCAPS model or something similar.
(http://en.wikipedia.org/wiki/FCAPS)

Regards,
Chris