I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Document: draft-ietf-nfsv4-scsi-layout-nvme-05
Reviewer: Deb Cooley
Review Date: 2023-11-02

Please note that I know very little about NFS or SCSI, but I did spend some time trying to understand some of the nuance of these technologies.

The summary of the review is 'Ready'.

Comment: I think the draft is well written, concise, and clear to understand.

This is mostly to attempt to address the comments made in the GENART review:

It appears to me that this protocol can be run over a wide variety of transports*. Some can be protected by physical mechanisms, some cannot. Even some use of TCP might be protected by isolation mechanisms (small, disconnected LANs, for example) where the attack surface is minimal. I agree that TLS should be a very strong SHOULD in the case where TCP is used for transport, but I can see situations where it might not be completely necessary. The normative reference (NVME-TCP) lays out some pretty reasonable TLS requirements (TLS 1.2 or 1.3, decent ciphers, etc.).

*I'm happy to be corrected if I've interpreted this incorrectly.