Re: [Dime] I-D Action: draft-ietf-dime-e2e-sec-req-02.txt

Steve Donovan <srdonovan@usdonovans.com> Tue, 24 March 2015 21:05 UTC

Message-ID: <5511D1AA.40804@usdonovans.com>
Date: Tue, 24 Mar 2015 16:05:46 -0500
From: Steve Donovan <srdonovan@usdonovans.com>
To: dime@ietf.org
References: <20150126150303.15610.1562.idtracker@ietfa.amsl.com>
In-Reply-To: <20150126150303.15610.1562.idtracker@ietfa.amsl.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dime/CSxJku-6Z8gH-B-wL2gY-lfzrqI>

A few comments on this document.

I would suggest adding the following requirement -- The solution MUST 
ensure that routing AVPs are always sent in the clear.

Requirement 5 does indicate that not all AVPs are covered by the 
"cryptographic protection".  I think it would be better to be clear that 
there is a set of AVPs that MUST NOT be encrypted.

In addition, the following requirement might be useful -- The solution 
MUST support the ability to identify other non-routing AVPs that must 
always be sent in the clear.

This would be to cover overload, load, message priority and other AVPs 
that need to be accessible by all nodes in the path of a transaction.

Regards,

Steve

On 1/26/15 9:03 AM, internet-drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>   This draft is a work item of the Diameter Maintenance and Extensions Working Group of the IETF.
>
>         Title           : Diameter AVP Level Security End-to-End Security: Scenarios and Requirements
>         Authors         : Hannes Tschofenig
>                           Jouni Korhonen
>                           Glen Zorn
>                           Kervin Pillay
>         Filename        : draft-ietf-dime-e2e-sec-req-02.txt
>         Pages           : 9
>         Date            : 2015-01-26
>
> Abstract:
>     This specification discusses requirements for providing Diameter
>     security at the level of individual Attribute Value Pairs.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dime-e2e-sec-req/
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-dime-e2e-sec-req-02
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-dime-e2e-sec-req-02
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> DiME mailing list
> DiME@ietf.org
> https://www.ietf.org/mailman/listinfo/dime
>
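The two requirements Steve proposes above (routing AVPs are always sent in the clear, and the solution can name further non-routing AVPs such as overload, load and priority that must also stay visible to every agent on the path) can be checked mechanically before a message leaves a node. The following is an added example written for this archive page; it is not code from the draft, its authors, or the DIME working group. It uses the RFC 6733 AVP wire format and real AVP codes, but the Protected-AVPs container code, the identity seal() stand-in for the real confidentiality transform, and the sample request are assumptions constructed for the illustration.

```python
"""Policy check for Diameter AVP-level protection: routing AVPs, plus any
operator-listed AVPs such as overload/load/priority, stay in the clear.

AVP wire format follows RFC 6733 section 4.1.  The Protected-AVPs
container code and the seal() stand-in are hypothetical placeholders;
the sample message below is constructed, not captured traffic.
"""
import struct
from typing import Callable, Iterable, List, Set, Tuple

# AVP codes from RFC 6733 (routing), RFC 7683 (OC-OLR) and RFC 7944 (DRMP).
ORIGIN_HOST, ORIGIN_REALM = 264, 296
DESTINATION_HOST, DESTINATION_REALM = 293, 283
ROUTE_RECORD, AUTH_APPLICATION_ID = 282, 258
USER_NAME, OC_OLR, DRMP = 1, 623, 301
PROTECTED_AVPS = 0xFFFFFFF0  # hypothetical container code, not IANA-assigned

# Agents need these to forward a message at all (RFC 6733 section 6.1).
ROUTING_AVPS = frozenset({ORIGIN_HOST, ORIGIN_REALM, DESTINATION_HOST,
                          DESTINATION_REALM, ROUTE_RECORD, AUTH_APPLICATION_ID})

Avp = Tuple[int, bytes]  # (code, data); M flag set, no Vendor-Id


def encode_avp(code: int, data: bytes, flags: int = 0x40) -> bytes:
    """AVP header: code(32) | flags(8) | length(24) | data, padded to 4 bytes."""
    length = 8 + len(data)  # length field excludes padding
    return (struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
            + data + b"\x00" * (-len(data) % 4))


def decode_avps(buf: bytes) -> List[Avp]:
    """Parse a sequence of AVPs; rejects lengths that run off the buffer."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header at offset %d" % off)
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & 0x80 else 8  # V bit => Vendor-Id field present
        if length < hdr or off + length > len(buf):
            raise ValueError("malformed AVP length at offset %d" % off)
        avps.append((code, buf[off + hdr:off + length]))
        off += length + (-length % 4)
    return avps


def is_well_formed(buf: bytes) -> bool:
    try:
        decode_avps(buf)
        return True
    except ValueError:
        return False


class ClearTextPolicy:
    """AVPs that MUST NOT be encrypted: routing AVPs unconditionally, plus an
    operator-extensible set (overload, load, priority, ...)."""

    def __init__(self, extra_clear: Iterable[int] = ()):
        self.clear = ROUTING_AVPS | frozenset(extra_clear)

    def must_stay_clear(self, code: int) -> bool:
        return code in self.clear


def protect(avps: List[Avp], policy: ClearTextPolicy,
            seal: Callable[[bytes], bytes]) -> List[Avp]:
    """Keep policy-exempt AVPs at top level in their original order; move
    everything else into one Protected-AVPs container produced by seal()."""
    clear = [a for a in avps if policy.must_stay_clear(a[0])]
    hidden = [a for a in avps if not policy.must_stay_clear(a[0])]
    if not hidden:
        return clear
    payload = b"".join(encode_avp(c, d) for c, d in hidden)
    return clear + [(PROTECTED_AVPS, seal(payload))]


def top_level_codes(avps: List[Avp]) -> Set[int]:
    return {c for c, _ in avps}


def audit(original: List[Avp], protected: List[Avp],
          policy: ClearTextPolicy) -> Tuple[List[int], List[int]]:
    """Return (leaked, hidden_clear): non-exempt AVPs still visible at top
    level, and must-stay-clear AVPs that were wrongly hidden."""
    before, after = top_level_codes(original), top_level_codes(protected)
    leaked = sorted(c for c in after
                    if c != PROTECTED_AVPS and not policy.must_stay_clear(c))
    hidden_clear = sorted(c for c in before
                          if policy.must_stay_clear(c) and c not in after)
    return leaked, hidden_clear


def identity_seal(payload: bytes) -> bytes:
    """Stand-in for the real confidentiality transform (an AEAD in practice);
    it leaves the payload unchanged so the container can be decoded below."""
    return payload


# Constructed sample request (not captured traffic).
SAMPLE: List[Avp] = [
    (ORIGIN_HOST, b"client.example.com"),
    (ORIGIN_REALM, b"example.com"),
    (DESTINATION_REALM, b"example.net"),
    (AUTH_APPLICATION_ID, (4).to_bytes(4, "big")),
    (USER_NAME, b"alice@example.com"),   # end-to-end sensitive: hide it
    (DRMP, (5).to_bytes(4, "big")),       # priority: every agent must see it
    (OC_OLR, b"\x00" * 8),                # overload report: agents act on it
]

if __name__ == "__main__":
    policy = ClearTextPolicy(extra_clear={OC_OLR, DRMP})
    prot = protect(SAMPLE, policy, identity_seal)
    wire = b"".join(encode_avp(c, d) for c, d in prot)
    print("clear on the wire:", sorted(top_level_codes(decode_avps(wire))))
    print("violations:", audit(SAMPLE, prot, policy))
    # A policy that lists only routing AVPs hides DRMP and OC-OLR from the
    # agents that need them, which is the gap the second requirement closes.
    bare = protect(SAMPLE, ClearTextPolicy(), identity_seal)
    print("bare policy hides:", sorted(top_level_codes(SAMPLE) - top_level_codes(bare)))
```

The routing set is fixed in code because the first requirement is unconditional, while the second set is a constructor argument so an operator can add whatever the transaction path needs to read. The audit() result is the check to run on the sender before transmission and on a receiving agent after: a non-empty second list means a routing AVP was encrypted and the message cannot be forwarded; a non-empty first list means something the policy wanted hidden is still visible.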