[bfcpbis] Kathleen Moriarty's Discuss on draft-ietf-bfcpbis-rfc4582bis-13: (with DISCUSS and COMMENT)
"Kathleen Moriarty" <Kathleen.Moriarty.ietf@gmail.com> Thu, 05 March 2015 15:24 UTC
From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
To: The IESG <iesg@ietf.org>
Message-ID: <20150305152202.28872.54032.idtracker@ietfa.amsl.com>
Date: Thu, 05 Mar 2015 07:22:02 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/bfcpbis/dDS5KCfx_fdeaQ8NKWMuLgZgQPg>
Cc: mary.ietf.barnes@gmail.com, draft-ietf-bfcpbis-rfc4582bis.all@ietf.org, bfcpbis@ietf.org, bfcpbis-chairs@ietf.org
Subject: [bfcpbis] Kathleen Moriarty's Discuss on draft-ietf-bfcpbis-rfc4582bis-13: (with DISCUSS and COMMENT)
Kathleen Moriarty has entered the following ballot position for
draft-ietf-bfcpbis-rfc4582bis-13: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-bfcpbis-rfc4582bis/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thanks for your work on this draft; it was very well written, which is
much appreciated. I just have one item I'd like to discuss that should
be very easy to resolve.

This should be considered with Spencer's question on what happens when
the fragments are larger or smaller than the path MTU. It's important to
state this to prevent fragmentation overlap attacks (unless you can
explain why we don't need to worry about that).

In the second sentence on page 42, adding the ending clause may be
helpful:

   The size of each of these N messages MUST be smaller than the path
   MTU to help prevent fragmentation overlap attacks.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Spencer asked what happens when TLS/DTLS is not used, so perhaps
rewording of the intro to the security considerations section would help
to clear up his point. TLS/DTLS is the MTI with flexibility left in to
support some other undefined mechanism to secure the channel. Since no
MTU is set, but recommended, the first few sentences are a bit
confusing. The rest of the paragraph is clear in terms of MTI and
recommendations when TLS/DTLS is used as well as alternate options
supporting the listed desired security properties.

   Security Considerations

   BFCP uses TLS/DTLS to provide mutual authentication between clients
   and servers. TLS/DTLS also provides replay and integrity protection
   and confidentiality.
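The DISCUSS above asks the draft to require that each of the N fragments stay smaller than the path MTU so that a receiver is not exposed to fragmentation overlap attacks. The following is an added illustration, written for this archive page; it is not code from the message, the draft, or any BFCP implementation, and it does not use BFCP's real common-header layout. It models a fragment as (message id, byte offset, declared total length, data) with an assumed fixed 12-byte per-fragment header (HEADER_LEN), and shows the two checks a receiver wants: reject any fragment whose wire size is not strictly below the path MTU, and reject any fragment whose byte range overlaps one already accepted, instead of silently overwriting or keeping stale bytes.

```python
"""Simplified fragment size and overlap checks (added illustration, not BFCP wire format)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed fixed per-fragment header size for this model; BFCP's actual header differs.
HEADER_LEN = 12


@dataclass(frozen=True)
class Fragment:
    msg_id: int   # identifies the original message being reassembled
    offset: int   # byte offset of this piece within the original message
    total: int    # declared total length of the original message
    data: bytes   # payload bytes carried by this fragment

    def wire_size(self) -> int:
        """Bytes this fragment occupies on the wire, header included."""
        return HEADER_LEN + len(self.data)


def fragment_message(msg_id: int, payload: bytes, path_mtu: int) -> List[Fragment]:
    """Split payload into N fragments, each strictly smaller than path_mtu on the wire."""
    max_data = path_mtu - HEADER_LEN - 1  # "-1" keeps wire_size() < path_mtu, not <=
    if max_data < 1:
        raise ValueError("path MTU too small to carry any payload")
    frags = []
    for off in range(0, len(payload), max_data):
        frags.append(Fragment(msg_id, off, len(payload), payload[off:off + max_data]))
    return frags


def reassemble(frags: List[Fragment], path_mtu: int) -> Tuple[Optional[bytes], str]:
    """Return (payload, "ok") or (None, reason).

    Rejects oversized fragments, fragments that disagree about which message
    they belong to, fragments running past the declared total, and any byte
    range that overlaps an already-accepted fragment (including exact
    duplicates). A missing range is reported as incomplete, not as an error.
    """
    if not frags:
        return None, "no fragments"
    msg_id, total = frags[0].msg_id, frags[0].total
    for f in frags:
        if f.wire_size() >= path_mtu:
            return None, f"oversized fragment at offset {f.offset}"
        if f.msg_id != msg_id or f.total != total:
            return None, "fragments belong to different messages"
        if f.offset < 0 or f.offset + len(f.data) > total:
            return None, f"fragment at offset {f.offset} exceeds declared total"
    expected = 0          # next byte offset we are willing to accept
    buf = bytearray()
    for f in sorted(frags, key=lambda f: f.offset):
        if f.offset < expected:
            # Overlaps (or duplicates) bytes already accepted: drop the whole message
            # rather than guess which copy of the bytes is the right one.
            return None, f"overlapping fragment at offset {f.offset}"
        if f.offset > expected:
            return None, f"incomplete (gap before offset {f.offset})"
        buf += f.data
        expected += len(f.data)
    if expected != total:
        return None, "incomplete"
    return bytes(buf), "ok"


if __name__ == "__main__":
    # Constructed sample: a 100-byte message over a 40-byte path MTU.
    payload = bytes(range(100))
    parts = fragment_message(1, payload, path_mtu=40)
    print(len(parts), "fragments, reassembled:", reassemble(parts, 40)[1])
```

With a 40-byte path MTU the sender emits four fragments of at most 27 payload bytes each and the receiver reassembles them; a fragment of 28 bytes (40 on the wire) is refused as oversized, and a second fragment starting inside an accepted range is refused as overlapping. The receiver-side checks are the part that matters to the DISCUSS: they hold regardless of whether the sender honoured the size rule.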