Re: [dhcwg] Ben Campbell's Yes on draft-ietf-dhc-relay-server-security-04: (with COMMENT)
"Ben Campbell" <ben@nostrum.com> Thu, 13 April 2017 02:52 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6FC0127867; Wed, 12 Apr 2017 19:52:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level:
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YD7NclgSeD97; Wed, 12 Apr 2017 19:52:56 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B62AE1286B1; Wed, 12 Apr 2017 19:52:56 -0700 (PDT)
Received: from [10.0.1.63] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v3D2qrSY090626 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 12 Apr 2017 21:52:54 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.63]
From: Ben Campbell <ben@nostrum.com>
To: Bernie Volz <volz@cisco.com>
Cc: The IESG <iesg@ietf.org>, Tomek Mrugalski <tomasz.mrugalski@gmail.com>, "dhc-chairs@ietf.org" <dhc-chairs@ietf.org>, "draft-ietf-dhc-relay-server-security@ietf.org" <draft-ietf-dhc-relay-server-security@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Date: Wed, 12 Apr 2017 21:52:53 -0500
Message-ID: <CB02997F-BAE5-4F0D-9BD9-43D5FD4ACDDB@nostrum.com>
In-Reply-To: <D4BF03B4-792A-42A9-BDE6-5FA203D4D7F7@cisco.com>
References: <149202959436.15730.7482173620764260658.idtracker@ietfa.amsl.com> <D4BF03B4-792A-42A9-BDE6-5FA203D4D7F7@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.6r5347)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/T6SZAWxL6RdZWfFc5cckb8y0Ghk>
Subject: Re: [dhcwg] Ben Campbell's Yes on draft-ietf-dhc-relay-server-security-04: (with COMMENT)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2017 02:52:59 -0000
On 12 Apr 2017, at 17:31, Bernie Volz (volz) wrote: > Hi: > > For: > > -3, third paragraph: "MUST exchange messages securely" > "Securely" is too ambiguous for a MUST. What specific protections > are > required? > > I believe this also was the 4th paragraph? Yes > I guess there are two choices here: > 1. Drop “securely” as we are just specifying to use IPsec. > 2. Replace “securely” with “encrypted and authenticated”. > Seems to be #1 might be better (as it should be unnecessary given that > is what this document is about). Is ESP with null encryption allowed? > > > -3, paragraph 4: > The list starts with no context. A sentence or paragraph > describing the > purpose of the list would be helpful. > > RFC 3315 had before this list: > Relay agents and servers that support secure relay agent to server > or > relay agent to relay agent communication use IPsec under the > following conditions: > > But I’m not sure “conditions” is the best word? Not sure if > there is a better word to use to describe these items? Rules? Configuration? (But I don't think "conditions" is awful) > > Perhaps replacing the first sentence in that 4th paragraph with: > > Relay agents and servers MUST exchange messages using the > IPsec mechanisms described in [RFC4301] with the conditions > as follows: > > And, move the remaining text in that 4th paragraph to the end of > section 4 as a separate paragraph. > > - Bernie > > On 4/12/17, 4:39 PM, "Ben Campbell" <ben@nostrum.com> wrote: > > Ben Campbell has entered the following ballot position for > draft-ietf-dhc-relay-server-security-04: Yes > > When responding, please keep the subject line intact and reply to > all > email addresses included in the To and CC lines. (Feel free to cut > this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found > here: > https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-server-security/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I am balloting "Yes", but I share the curiosity about whether > people will > really do this. > > -3, third paragraph: "MUST exchange messages securely" > "Securely" is too ambiguous for a MUST. What specific protections > are > required? > > -3, paragraph 4: > The list starts with no context. A sentence or paragraph > describing the > purpose of the list would be helpful.
- [dhcwg] Ben Campbell's Yes on draft-ietf-dhc-rela… Ben Campbell
- Re: [dhcwg] Ben Campbell's Yes on draft-ietf-dhc-… Bernie Volz (volz)
- Re: [dhcwg] Ben Campbell's Yes on draft-ietf-dhc-… Ben Campbell
- Re: [dhcwg] Ben Campbell's Yes on draft-ietf-dhc-… Bernie Volz (volz)
- Re: [dhcwg] Ben Campbell's Yes on draft-ietf-dhc-… Ben Campbell
- Re: [dhcwg] Ben Campbell's Yes on draft-ietf-dhc-… Bernie Volz (volz)