[dtn] Roman Danyliw's No Objection on draft-ietf-dtn-bpsec-18: (with COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 04 February 2020 03:26 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: dtn@ietf.org
Delivered-To: dtn@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id DF90C12002F; Mon, 3 Feb 2020 19:26:38 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-dtn-bpsec@ietf.org, Scott Burleigh <Scott.C.Burleigh@jpl.nasa.gov>, dtn-chairs@ietf.org, Scott.C.Burleigh@jpl.nasa.gov, dtn@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.116.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <158078679891.28568.13665294441251920793.idtracker@ietfa.amsl.com>
Date: Mon, 03 Feb 2020 19:26:38 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/uCVVAvsjQa7uAnTlWVHpnfuJCXM>
Subject: [dtn] Roman Danyliw's No Objection on draft-ietf-dtn-bpsec-18: (with COMMENT)
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Feb 2020 03:26:39 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-dtn-bpsec-18: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dtn-bpsec/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 2.  Per “The application of security services in a DTN is a complex
endeavor that must consider …”, the current and future threat environment is
also a needed consideration.

** Section 3.6, Please explicitly state that the values of this ID should come
from the registry defined in Section 11.2.

** Section 3.7.  Per “The Security Context Id MUST utilize an end-to-end
authentication cipher or an end-to-end error detection cipher.”, what is a
“end-to-end” in this context?

** Section 4.  “Reserved flags  MUST NOT be included in any canonicalization as
it is not known if those flags will change in transit.”, to which protocol
fields is this “reserved flags” referring to?

** Section 8.2.1.  Please add text to note that irrespective of whether BPSec
is used, traffic analysis will be possible

** Section 8.2.4.  Per “With these attacks Mallory's objectives may vary, but
may be targeting either the bundle protocol or application-layer protocols
conveyed by the bundle protocol.”, please add that the target could also be the
storage and compute of the nodes running the bundle or application layer
protocols (e.g., a denial of service to flood on the storage of the
store-and-forward mechanism; or compute which would process the packets and
perhaps prevent other activities)

** Editorial Nits
-- Section 3.8.  Editorial nit.  Section 3.7 uses a bulleted list for the
properties of the block.  Here there are no bullets.

-- Section 3.8.  Per “The determination of where to place these data is a
function of the cipher suite and security context used” -- s/place these
data/place this data/

-- Section 5.1.1 and 5.1.2. s/be be treated/be treated/

-- Section 8.2.2. Expand the IND-CCA2 acronym.