[alto] SECDIR review of draft-ietf-alto-new-transport-07
Donald Eastlake <d3e3e3@gmail.com> Tue, 28 March 2023 15:10 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A6BFC1516F2; Tue, 28 Mar 2023 08:10:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M-q78WT--_AD; Tue, 28 Mar 2023 08:10:08 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F293C14CE24; Tue, 28 Mar 2023 08:10:08 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id r11so51088284edd.5; Tue, 28 Mar 2023 08:10:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1680016205; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=hPIPfTCrO77TOusBIntuh46K2cB3s1TDJs824gcfFwI=; b=g9JU32dXb+cmViWc0uJ6aCd+lX4AjoKvQjrQn7UaCXL6rC7j7hokCIwg+U8SIb6/Hy Wxenp2nlkmji8WvHxuRDAUdIro5Snxde2ghrUvCWNsOrKgVyykOptGytGgjKUKfAnU+V fyClKxRgvcqupyxuGdiD5ItdlhvszM9y7s7ZDtF2QMMFxT4+HJKwXUTFSYlFGZ4E3/rh /vqXX3lGeY1QYT/Qjvivmdo2E3ie60GQC3QSzYYIGJeTk/C2FWph0oZT+gecbiMwwYrp 34ARz1pQz3196BJpPUUvVM/eD2a/p8093FjK5iBcjtCxk5ieZb0cvxBvlRCA/Qe8ePop eLzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680016205; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=hPIPfTCrO77TOusBIntuh46K2cB3s1TDJs824gcfFwI=; b=Dfp+J2yKIOda6vfmoJlFrPcy76KXfeeB5kNlPiANRx5IHEpMgY+QjGYNFZhglM1CIw tpM3I5T1kiRYuGKoNFwTv0am0XjBvHUffM8p+U+hAFYqpB9kzu1DBK9EVUlW+5gltpT6 ojB5kNbXlX/SqzFEVkYR0MnUL3+vXh0k4knTfnARQ+2cGZFlG/G2/Ar/orR0logVL6Ry VS+iK508WqCStdavvGM4FyPqymC3y8FpyoRTsbHvdNZI/KdAsJflwVJjpaf5CYFb/LoK AH+mDd34dS6bbe/+r7Yf0n7+F0/6DidMZCsYCFfNo3TxKZktkwq934MMruBG6gFJlVre gW7g==
X-Gm-Message-State: AAQBX9cyJtIIvIw+Elxc2SO+KifTh7u0HiVL57ah9h4aof1iBm/eNcvA bLAISug7vtV8B4XqZTKPdTzdFMxvZzDQpFPHUTSQfa8gmoT3dg==
X-Google-Smtp-Source: AKy350aez+D4iOKa3K8ubbMeA/RHBMLJDeUohjIsjsggBEGGeIrwJyv1DmqX+WEYWgBqIoUhDXOpcguvF2Wow7bmr7w=
X-Received: by 2002:a17:906:ee8b:b0:93e:739f:b0b8 with SMTP id wt11-20020a170906ee8b00b0093e739fb0b8mr6823035ejb.3.1680016205360; Tue, 28 Mar 2023 08:10:05 -0700 (PDT)
MIME-Version: 1.0
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Tue, 28 Mar 2023 11:09:53 -0400
Message-ID: <CAF4+nEHvsgTs3DKz99sa3Uqxz2wkbpXcChqiknUtA4WQLcxvqg@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>
Cc: secdir <secdir@ietf.org>, draft-ietf-alto-new-transport.all@ietf.org, IETF ALTO <alto@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000233c8305f7f741d7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/rCAfWOpCZcCexQThBjX3Aa9K8yo>
Subject: [alto] SECDIR review of draft-ietf-alto-new-transport-07
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Mar 2023 15:10:14 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other comments. The summary of the review is Ready with Nits. *Security:* While I'm not all that into ALTO, it seems to me that this draft is all about messages and message exchanges between ALTO entities where the security (authentication, encryption, ...) has been specified in previous standards track documents such as RFC 7285. There are a few additional security considerations which seem to be well covered by the Security Considerations section of this draft. *Nits:* Section 1.0, Page 4: OLD functioning for HTTP/1.x. TIPS also provides an ALTO server to NEW functioning for HTTP/1.x. TIPS also provides for an ALTO server to Section 2.1.1, Page 8: Seems too vague. A sentence about tips-view-uri wouldn't hurt. At the bottom it says "Use the URI as above". Which URI above? What exactly does "use" mean? Section 2.2, Page 9, Figure 3: Figure looks kind of incomplete. Shouldn't there be arrows from R1 to R2/R3? Section 2.3, Page 10: In the text on "Information Resource Directory" the first sentence is confusing. What is the thing that is requested to discover? Maybe you should replace "Requested" at the start of the sentence with "Produced when a server is requested"... Section 2.3, Page 11 at top: That's Figure 4, not 1. Section 2.4, Page 12, 1st paragraph: I think a service runs "over" a connection, not "inside" a connection. Section 4.4, Page 23: Seems kind of feeble. How about, given that a disconnect is treated as a DELETE, something like the following, which probably implies that the server maintains a use count. (This document need not mention such a count.) OLD set associated with the TIPS view. A server will not want to delete NEW set associated with the TIPS view. A server MUST NOT delete Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com
- [alto] SECDIR review of draft-ietf-alto-new-trans… Donald Eastlake
- Re: [alto] SECDIR review of draft-ietf-alto-new-t… Lachlan Keller
- Re: [alto] SECDIR review of draft-ietf-alto-new-t… Donald Eastlake