Roman Danyliw has entered the following ballot position for draft-ietf-6tisch-minimal-security-13: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-6tisch-minimal-security/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 3. Per the definition of the PSK, the text says “The PSK SHOULD be a cryptographically strong key, at least 128-bits in length, indistinguishable by feasible computation from a random uniform string of the same length.”

-- Under what circumstances would a MUST not be more appropriate? (i.e., when would one want a cryptographically weak key?)

-- Per the “128-bits in length”, is that a statement about the actual number of bits in the key or a requirement for the key strength?

** Section 8.4.2. Per the “join rate”, how is the average data rate supposed to be calculated?

** Section 8.4.3.1. Is it fair to say that how the JRC has determined “that the new key has been made available to all” is out of scope for this draft? If so, it is worth saying explicitly.

** Section 8.4.4.1. Per “If a misconfiguration occurs, and the same short address is assigned twice under the same link-layer key, the loss of security properties is eminent”, do you mean s/eminent/imminent/? If not, could you please clarify what you mean here.

** Section 9. Per “Many vendors are known to use unsafe practices when generating and provisioning PSKs.”, this is a strong statement (i.e., “many vendors”) to make without supporting evidence. Either provide citation or weaken the sentence.

** Section 9. Per “As a reminder, recall the well-known problem with Bluetooth headsets with a "0000" pin.”, please provide a citation and short explanation.
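Added illustration, not part of the ballot or of the draft: a small Python provisioning check for the distinction the Section 3 and Section 9 comments raise between a PSK's bit length and its actual strength. The function names, the 128-bit floor taken from the quoted draft text, and the byte-diversity threshold are my own assumptions.

```python
import math
import secrets
from collections import Counter

PSK_MIN_BYTES = 16  # 128 bits, the floor stated in the quoted Section 3 text


def generate_psk(length: int = PSK_MIN_BYTES) -> bytes:
    """Draw a PSK from the OS CSPRNG.

    This is what "indistinguishable from a random uniform string" calls for;
    a 128-bit key derived from a short PIN has the length but not the strength.
    """
    return secrets.token_bytes(length)


def byte_entropy_bits(key: bytes) -> float:
    """Shannon entropy of the key's byte histogram, in bits per byte (max 8.0).

    A crude sanity check only: it flags constant or highly repetitive keys,
    it cannot tell a weak generator from a strong one.
    """
    if not key:
        return 0.0
    n = len(key)
    return -sum(c / n * math.log2(c / n) for c in Counter(key).values())


def check_psk(key: bytes) -> list[str]:
    """Return the provisioning problems found; an empty list means the key passes."""
    problems = []
    if len(key) < PSK_MIN_BYTES:
        problems.append(f"too short: {len(key) * 8} bits < 128")
    if key and len(set(key)) == 1:
        # The '0000'-style failure: every byte identical (assumed rule).
        problems.append("constant key (e.g. all zeros), like a '0000' PIN")
    if key and all(32 <= b < 127 for b in key):
        # Printable ASCII throughout suggests a passphrase typed by a human (assumed rule).
        problems.append("printable ASCII only: looks like a passphrase, not a random key")
    if len(key) >= PSK_MIN_BYTES and byte_entropy_bits(key) < 3.0:
        # Threshold 3.0 bits/byte is an assumption; a random 16-byte key scores close to 4.0.
        problems.append("low byte diversity: key is heavily repetitive")
    return problems
```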