| | 1 | The actual document shepherd writeup for draft-ietf-nea-asokan: |
| | 2 | |
| | 3 | (1) What type of RFC is being requested (BCP, Proposed Standard, |
| | 4 | Internet Standard, Informational, Experimental, or Historic)? Why is |
| | 5 | this the proper type of RFC? Is this type of RFC indicated in the title |
| | 6 | page header? |
| | 7 | |
| | 8 | Informational is requested and indicated in the title page header. |
| | 9 | |
| | 10 | (2) The IESG approval announcement includes a Document |
| | 11 | Announcement Write-Up. Please provide such a Document |
| | 12 | Announcement Write-Up. Recent examples can be found in the |
| | 13 | "Action" announcements for approved documents. The approval |
| | 14 | announcement contains the following sections: |
| | 15 | |
| | 16 | Technical Summary: |
| | 17 | The Network Endpoint Assessment protocols are subject to a |
| | 18 | subtle forwarding attack that has become known as the NEA |
| | 19 | Asokan Attack. This document describes the attack and |
| | 20 | countermeasures that may be mounted. |
| | 21 | |
| | 22 | Working Group Summary: |
| | 23 | |
| | 24 | The WG formed a design team in July 2010 with the goal of |
| | 25 | recommending a general-purpose counter-measure that would |
| | 26 | work for both of the PT protocols under specification in the WG. |
| | 27 | The design team analysis and recommendation is the subject |
| | 28 | of this document. The recommendation of the design team was |
| | 29 | presented to the WG at the IETF meeting in November 2010 |
| | 30 | where it received solid support. The result was confirmed on the |
| | 31 | mailing list in January 2011, and the recommended counter- |
| | 32 | measure subsequently incorporated into the two PT protocols |
| | 33 | specified in the NEA WG. The two PT protocols, PT-TLS and PT- |
| | 34 | EAP, are separately specified in two standards-track documents, |
| | 35 | and reference this document as an Informative reference. |
| | 36 | |
| | 37 | Document Quality: |
| | 38 | This document does not specify a protocol. Rather, it describes |
| | 39 | counter-measures that PT-TLS and PT-EAP can use to mitigate |
| | 40 | against the NEA Asokan attack. The PT-TLS and PT-EAP |
| | 41 | specifications describe how these counter-measures should be used |
| | 42 | in these particular protocols. As described above, this |
| | 43 | document is the result of active participation from several WG |
| | 44 | members and received substantive review from the WG. |
| | 45 | |
| | 46 | Personnel: |
| | 47 | Susan Thomson is the Document Shepherd. Stephen Farrell is |
| | 48 | the Responsible Area Director. |
| | 49 | |
| | 50 | (3) Briefly describe the review of this document that was performed by |
| | 51 | the Document Shepherd. If this version of the document is not ready |
| | 52 | for publication, please explain why the document is being forwarded to |
| | 53 | the IESG. |
| | 54 | |
| | 55 | I have reviewed the document and do not have issues with it. |
| | 56 | |
| | 57 | (4) Does the document Shepherd have any concerns about the depth |
| | 58 | or breadth of the reviews that have been performed? |
| | 59 | |
| | 60 | No. |
| | 61 | |
| | 62 | (5) Do portions of the document need review from a particular or from |
| | 63 | broader perspective, e.g., security, operational complexity, AAA, DNS, |
| | 64 | DHCP, XML, or internationalization? If so, describe the review that took |
| | 65 | place. |
| | 66 | |
| | 67 | No broader review is known to be needed. |
| | 68 | |
| | 69 | (6) Describe any specific concerns or issues that the Document |
| | 70 | Shepherd has with this document that the Responsible Area Director |
| | 71 | and/or the IESG should be aware of? For example, perhaps he or she |
| | 72 | is uncomfortable with certain parts of the document, or has concerns |
| | 73 | whether there really is a need for it. In any event, if the WG has |
| | 74 | discussed those issues and has indicated that it still wishes to advance |
| | 75 | the document, detail those concerns here. |
| | 76 | |
| | 77 | No concerns. The attack and the need for a counter-measure was |
| | 78 | thoroughly vetted within the NEA WG. |
| | 79 | |
| | 80 | (7) Has each author confirmed that any and all appropriate IPR |
| | 81 | disclosures required for full conformance with the provisions of BCP 78 |
| | 82 | and BCP 79 have already been filed. If not, explain why? |
| | 83 | |
| | 84 | Yes. |
| | 85 | |
| | 86 | (8) Has an IPR disclosure been filed that references this document? If |
| | 87 | so, summarize any WG discussion and conclusion regarding the IPR |
| | 88 | disclosures. |
| | 89 | |
| | 90 | No. |
| | 91 | |
| | 92 | (9) How solid is the WG consensus behind this document? Does it |
| | 93 | represent the strong concurrence of a few individuals, with others |
| | 94 | being silent, or does the WG as a whole understand and agree with it? |
| | 95 | |
| | 96 | There is strong consensus from the WG. The attack itself was reviewed |
| | 97 | within the WG at multiple IETF meetings, and the recommendation for |
| | 98 | a counter-measure made by the design team received strong |
| | 99 | consensus and has been incorporated into the relevant PT |
| | 100 | specifications. |
| | 101 | |
| | 102 | (10) Has anyone threatened an appeal or otherwise indicated extreme |
| | 103 | discontent? If so, please summarise the areas of conflict in separate email |
| | 104 | messages to the Responsible Area Director. (It should be in a separate |
| | 105 | email because this questionnaire is publicly available.) |
| | 106 | |
| | 107 | No. |
| | 108 | |
| | 109 | (11) Identify any ID nits the Document Shepherd has found in this |
| | 110 | document. (See http://www.ietf.org/tools/idnits/ and the Internet- |
| | 111 | Drafts Checklist). Boilerplate checks are not enough; this check needs |
| | 112 | to be thorough. |
| | 113 | |
| | 114 | None. Idnits tool flags no issues. |
| | 115 | |
| | 116 | (12) Describe how the document meets any required formal review |
| | 117 | criteria, such as the MIB Doctor, media type, and URI type reviews. |
| | 118 | |
| | 119 | Not Applicable. |
| | 120 | |
| | 121 | (13) Have all references within this document been identified as either |
| | 122 | normative or informative? |
| | 123 | |
| | 124 | Yes. All references are informative. |
| | 125 | |
| | 126 | (14) Are there normative references to documents that are not ready |
| | 127 | for advancement or are otherwise in an unclear state? If such |
| | 128 | normative references exist, what is the plan for their completion? |
| | 129 | |
| | 130 | No. There are no normative references. |
| | 131 | |
| | 132 | (15) Are there downward normative references (see RFC 3967)? If so, |
| | 133 | list these downward references to support the Area Director in the Last |
| | 134 | Call procedure. |
| | 135 | |
| | 136 | No. |
| | 137 | |
| | 138 | (16) Will publication of this document change the status of any |
| | 139 | existing RFCs? Are those RFCs listed on the title page header, listed in |
| | 140 | the abstract, and discussed in the introduction? If the RFCs are not |
| | 141 | listed in the Abstract and Introduction, explain why, and point to the |
| | 142 | part of the document where the relationship of this document to the |
| | 143 | other RFCs is discussed. If this information is not in the document, |
| | 144 | explain why the WG considers it unnecessary. |
| | 145 | |
| | 146 | No. |
| | 147 | |
| | 148 | (17) Describe the Document Shepherd's review of the IANA |
| | 149 | considerations section, especially with regard to its consistency with |
| | 150 | the body of the document. Confirm that all protocol extensions that |
| | 151 | the document makes are associated with the appropriate reservations |
| | 152 | in IANA registries. Confirm that any referenced IANA registries have |
| | 153 | been clearly identified. Confirm that newly created IANA registries |
| | 154 | include a detailed specification of the initial contents for the registry, |
| | 155 | that allocations procedures for future registrations are defined, and a |
| | 156 | reasonable name for the new registry has been suggested (see RFC |
| | 157 | 5226). |
| | 158 | |
| | 159 | Not applicable. The document specifies no actions for IANA. |
| | 160 | |
| | 161 | (18) List any new IANA registries that require Expert Review for future |
| | 162 | allocations. Provide any public guidance that the IESG would find |
| | 163 | useful in selecting the IANA Experts for these new registries. |
| | 164 | |
| | 165 | Not applicable. The document specifies no actions for IANA. |
| | 166 | |
| | 167 | (19) Describe reviews and automated checks performed by the |
| | 168 | Document Shepherd to validate sections of the document written |
| | 169 | in a formal language, such as XML code, BNF rules, MIB |
| | 170 | definitions, etc. |
| | 171 | |
| | 172 | Not applicable. None of the document is written in a formal |
| | 173 | language. |
![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
