Deb, Thank you very much for the additional comments and the suggested wording. They are reflected in the revision -38.
Linda -----Original Message----- From: Deb Cooley <[email protected]> Sent: Monday, March 18, 2024 8:24 AM To: Linda Dunbar <[email protected]> Cc: [email protected]; [email protected]; [email protected] Subject: Re: Secdir last call review of draft-ietf-rtgwg-net2cloud-problem-statement-36 Here is my review update for draft-ietf-rtgwg-net2cloud-problem-statement-37: I will update my review in the datatracker. original comments (in black), updates (in blue) 1. Section 5.1, paragraph 2: Certainly the principles and assumptions of RFC 4535* would apply to any group key management situation (note the word change from 'group encryption' to 'group key management'). The specific protocol addressed by that RFC isn't being used here (even though they mention ISAKMP). How about something like this: "The group key management protocol documented in [RFC4535] outlines the relevant security risks for any group key management system in Section 3 (Security Considerations). While this particular protocol isn't being suggested, the drawbacks and risks of group key management are still relevant." done. [Linda] Thank you for the suggestion. They are changed in -38. 2. Section 5.1, paragraph 3: The draft referenced here is expired and the security of the methods would have to be reviewed. (that is listed in Section 7) The expired draft has been replaced with another draft. The security of the methods would have to be reviewed. Please list that in Section 7. [Linda] The referenced draft has been uploaded. 3. Section 5.2: The draft referenced in this section is (currently) an individual draft, and again the security of the methods would have to be reviewed. (I see that WG adoption has been requested, and the draft is listed in Section 7). This is just a note to the WG - no action required as long as the WG agrees. [Linda] the WG chair said they will start the WG adoption soon.
_______________________________________________ rtgwg mailing list [email protected] https://www.ietf.org/mailman/listinfo/rtgwg
