Hi Sean,
Thanks for the review and comments, really appreciate it. We've uploaded version -05 to address your comments, where the "Security Consideration" section has been rewritten, please let us know if you have more questions.
Answers to the detailed questions are below inline.
Thanks,
Yingzhen
On Thu, Feb 15, 2024 at 8:31 AM Sean Turner via Datatracker <noreply@xxxxxxxx> wrote:
Reviewer: Sean Turner
Review result: Has Issues
Hi! Thanks for the well written document. Two issues:
# Security considerations
While this document is purely about use cases and does not define a protocol
per se, I could see why you might think there are no security considerations.
So, two things on this:
1. I tend to think that there is at least one security consideration! Don't you
to at least have to at least mention the one issue that affects all of the
protocols: time synchronization? If I control your clock, I can make this not
work or work at times you didn't want it to. There has to be some text you can
refer to in NTP?
2. I also went and looked at the security considerations sections in other
"pure" use case RFCs. YMMV, but many non-security related use case RFCs
included text something like:
This document does not specify a mechanism, it merely motivates TVR.
Therefore, security considerations are described elsewhere, including
in TVR requirements [TVR-REQ] as well as in forthcoming documents
for specific routing protocols.
Totally not wed to the words above and assumes there will be at least one
security consideration related to time.
# Possibly an inconsistency.
The last para in s1 includes this text:
Non-deterministic scenarios such as vehicle-to-vehicle
communication is out of the scope of the document.
The 1st para of s5.3 includes this text:
There are a significant number of mobile node use cases, to include
vehicle-to-vehicle communications, swarms of unmanned aerial and
underwater vehicles, ships in shipping lanes, airplanes following
flight plans, and trains and subways.
I was surprised to see “vehicle-to-vehicle” in s5.3 if that’s out of scope.
But, it also made me wonder what is a deterministic scenario and if putting
vehicle-to-vehicle in s5.3 make the entire exemplar (and section) out of scope.
Can you explain?
[Yingzhen]: Thanks for noticing this. You're right, vehicle-to-vehicle communication is out of scope of this document, so I removed the first sentence in section 5.3 as it's not needed and only causes confusion.
--
Tvr mailing list
Tvr@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tvr
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
