Re: [DMM] Ben Campbell's Discuss on draft-ietf-dmm-4283mnids-04: (with DISCUSS and COMMENT)
Ben Campbell <ben@nostrum.com> Wed, 30 August 2017 19:55 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: dmm@ietfa.amsl.com
Delivered-To: dmm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AF86126B7E; Wed, 30 Aug 2017 12:55:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level:
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ijnzpa_uHtEO; Wed, 30 Aug 2017 12:55:30 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1AB47132027; Wed, 30 Aug 2017 12:55:30 -0700 (PDT)
Received: from [10.0.1.63] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v7UJtNTf068987 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 30 Aug 2017 14:55:24 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.63]
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <148721684794.31572.814060328381329269.idtracker@ietfa.amsl.com>
Date: Wed, 30 Aug 2017 14:55:22 -0500
Cc: max.ldp@alibaba-inc.com, draft-ietf-dmm-4283mnids@ietf.org, dmm-chairs@ietf.org, dmm@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <9790D9AB-A943-420B-923D-5EF87F4A4D4C@nostrum.com>
References: <148721684794.31572.814060328381329269.idtracker@ietfa.amsl.com>
To: The IESG <iesg@ietf.org>, Suresh Krishnan <suresh.krishnan@gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmm/TVR3XZIC5K3PasZ_PjNs0lNlfXA>
Subject: Re: [DMM] Ben Campbell's Discuss on draft-ietf-dmm-4283mnids-04: (with DISCUSS and COMMENT)
X-BeenThere: dmm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Distributed Mobility Management Working Group <dmm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmm>, <mailto:dmm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmm/>
List-Post: <mailto:dmm@ietf.org>
List-Help: <mailto:dmm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmm>, <mailto:dmm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2017 19:55:33 -0000
I apologize for taking a while to circle back on this—I missed the fact that there was an update. Version 5 changes the assertion that “some of these identifiers” may be considered private information to simply saying mobile identifiers are private information, and changes the lower-case “should" encrypt to a MUST. That resolves my DISCUSS point. I will clear. Thanks! Ben. > On Feb 15, 2017, at 9:47 PM, Ben Campbell <ben@nostrum.com> wrote: > > Ben Campbell has entered the following ballot position for > draft-ietf-dmm-4283mnids-04: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-dmm-4283mnids/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > The security considerations says some of these identifiers can carry > sensitive information, and when they do you should encrypt. This leaves > it to the reader to decide which might be sensitive. The draft should > tell the reader which ones the working group thinks are sensitive, > keeping in mind that if an identifier is sometimes sensitive, it usually > needs to be treated as if always sensitive. (It's hard for deployed code > to figure out when it is or isn't sensitive.) > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I agree with Stephen's, Alissa's, and Mirja's discusses. I especially > agree that we should not standardize new identifiers without justifying > each one. > > Section 5 says this document does not impact existing security > mechanisms. But it does add new data elements, and acknowledges some of > them may be sensitive. Thus I think the "does not impact" assertion needs > some supporting discussion. Are the existing mechanisms still adequate? > Why? > > There are a bunch of acronyms that would benefit from expansion on first > mention. > >
- [DMM] Ben Campbell's Discuss on draft-ietf-dmm-42… Ben Campbell
- Re: [DMM] Ben Campbell's Discuss on draft-ietf-dm… Ben Campbell
- Re: [DMM] Ben Campbell's Discuss on draft-ietf-dm… Suresh Krishnan