[Last-Call] Secdir last call review of draft-ietf-ace-cmpv2-coap-transport-05

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Valery Smyslov
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This document defines the use of Constrained Application Protocol
(CoAP) as a transport for the Certificate Management Protocol (CMP).

Nits:
1. I believe that the security considerations from RFC 6712 should be either
echoed in this document (where applicable), or at least be referenced.

2. I think that Section 3 (Using CoAP over DTLS) should be moved to the
Security Considerations section, or be referenced from there.

3. Section 5. I think that the sentence

   The CoAP is vulnerable due to the connectionless characteristics of UDP
   itself.

should either be expanded of what particular vulnerabilities are meant (because
not all CoAP vulnerabilities are concerned with using UDP) or deleted.



-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux