[Gen-art] Re: Gen-Art Review: draft-ietf-msec-newtype-keyid-01.txt
Lakshminath Dondeti <ldondeti@qualcomm.com> Thu, 16 February 2006 15:54 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9lSl-00014v-0O; Thu, 16 Feb 2006 10:54:35 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9lSj-00014O-AH for gen-art@megatron.ietf.org; Thu, 16 Feb 2006 10:54:33 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA06531 for <gen-art@ietf.org>; Thu, 16 Feb 2006 10:52:44 -0500 (EST)
Received: from ithilien.qualcomm.com ([129.46.51.59]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F9lgy-0002nQ-Bw for gen-art@ietf.org; Thu, 16 Feb 2006 11:09:16 -0500
Received: from neophyte.qualcomm.com (neophyte.qualcomm.com [129.46.61.149]) by ithilien.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id k1GFsDc4020986 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 16 Feb 2006 07:54:13 -0800
Received: from LDONDETI.qualcomm.com (qconnect-10-50-68-98.qualcomm.com [10.50.68.98]) by neophyte.qualcomm.com (8.13.5/8.12.5/1.0) with ESMTP id k1GFs829023549 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 16 Feb 2006 07:54:11 -0800 (PST)
Message-Id: <6.2.5.6.2.20060216075112.05545998@qualcomm.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Thu, 16 Feb 2006 07:54:05 -0800
To: Elwyn Davies <elwynd@googlemail.com>
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
In-Reply-To: <86fd0f240602160536m62890e38m@mail.gmail.com>
References: <43F3BFC6.4050903@dial.pipex.com> <6.2.5.6.2.20060215163516.03d9b660@qualcomm.com> <86fd0f240602160536m62890e38m@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8fbbaa16f9fd29df280814cb95ae2290
Cc: vesa.lehtovirta@ericsson.com, carrara@kth.se, karl.norrman@ericsson.com, gen-art@ietf.org, Russ Housely <housley@vigilsec.com>
Subject: [Gen-art] Re: Gen-Art Review: draft-ietf-msec-newtype-keyid-01.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org
At 05:36 AM 2/16/2006, Elwyn Davies wrote: >Hi, Laksminath. > > >On 16/02/06, Lakshminath Dondeti ><<mailto:ldondeti@qualcomm.com>ldondeti@qualcomm.com> wrote: >Hi Elwyn, > >Thanks for your review. > >I interpret the word "cost" as cost of an attack, which is a >perfectly acceptable term in analyzing security properties of a >protocol or a mechanism. Your wording is also fine. I don't have >strong feelings either way. > > >The point is that the increased network resource cost is equated to >an increased purchase cost. The latter is not in the standard's >control. All the standard can do provide mechanisms that allow the >operator to make the network cost of the undesired option >sufficiently large that the operator can price the desired option at >a point where a sufficiently large fraction of potential users of >the service go down the paying route because the alternative is more painful. Hi Elwyn, This discussion could go on without end :-). Your version is also fine with me. (I will just note that we had this discussion in MSEC.) best, Lakshminath > >Regards, >Elwyn > >GMARCH is a typo and should be GKMARCH for Group key management >architecture (RFC 4046). > >Sam has a DISCUSS on this. The discussion so far indicates that >we'll need an -05-. I will ask Karl et. al. to wait until after the >IESG telecon is over (Thursday morning ET?) before starting revisions on this. > >thanks and regards, >Lakshminath > >At 03:56 PM 2/15/2006, Elwyn Davies wrote: > >Background for those on the CC list, who may be unaware of GenART: > >GenART is the Area Review Team for the General Area of the IETF. We > >advise the General Area Director (i.e. the IETF/IESG chair) by providing > >more in depth reviews than he could do himself of documents that come up > >for final decision in IESG telechat. I was selected as the GenART > >member to review this document. Below is my review, which was written > >specifically with an eye to the GenART process, but since I believe that > >it will be useful to have these comments more widely distributed, others > >outside the GenART group are being copied. > > > >Document: draft-ietf-msec-newtype-keyid-04.txt > >Intended Status: Proposed Standard > >Shepherding AD: Russ Housely > >Review Trigger: IESG Telechat 16 February 2006 > > > >Summary: > >This document is in much better shape than when I reviewed v01 for > >IETF LC. There are a couple of points which I think still need > >clarification before it is quite ready for PS: > > > >- In s1 the rationale talks about money costs: the IETF generally > >tries to avoid this as we are defining purely technical > >standards. I have suggested some alternative words below which > >reflect the purely technical approach. > >- There are some rather vague words in the start of the security > >considerations that lead one to wonder if the security > >considerations are incomplete. It is entirely possible that this is > >merely inappropriate English but this needs editing. > > > >There are also a couple of editorial nits which can be fixed during > >copy editing if more substantial changes are not to be made. > > > >Detailed Review: > > > >Issues: > > > >s1, para 3: I misunderstood what this was trying to say in v01. I > >can now discern the intent but it needs some tuning. In line with > >normal IETF practice we should specify a technical proposal which > >will achieve a business aim rather than actually specifying the > >business behaviour: > >> The rationale behind this is > >> that it will be costly for subscribers to re-distribute the > >> decryption keys to non-subscribers. The cost for re-distributing the > >> keys using the unicast channel should be higher than the cost of > >> purchasing the keys for this scheme to have an effect. > >How about: > > The rationale behind this is that it should be made substantially > > more inconvenient for subscribers to re-distribute the decryption > > keys to non-subscribers as compared with the non-subscribers > > becoming subscribers in order to acquire these keys. In order for > > this scheme to induce this behavior, the impact of the effort > > required to re-distribute the keys using separate unicast channels > > should therefore be sufficiently high that it will not be > > worthwhile for potential users of the service to access the content > > without subscribing. > > > >Security Considerations: > >s6, para 1: The phrase 'there are mainly two points...' sounds > >dangerous when it appears in Security Considerations. Is this > >supposed to mean there are (exactly) two points? If not, are there > >others which you don't tell us about: we need to know so we can > >check they aren't significant or alternatively they might not be > >about security, in which you might write 'There are two main points > >which affect the security considerations.' > > > >Editorial Nits: > >s2, last para: s/to the "empty map"/for the "empty map"/ > > > >s3: The acronym GMARCH is not defined and is only used in the > >section title. I take it is something about Group key Management > >ARCHitecture but it doesn't seem to be in general usage. > > > >s3, title: s/Relations/Relationship/ > > > >s6, para 1: s/designed./designed to be used./ > > > >s6: Acronyms not expanded: MAC, TESLA. > > > >s6, para 2: s/is not compatible with/is not appropriate for use with/ > > > > > _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] RE: Gen-Art Review: draft-ietf-msec-new… Karl Norrman (KI/EAB)
- Re: [Gen-art] RE: Gen-Art Review: draft-ietf-msec… Brian E Carpenter
- Re: [Gen-art] RE: Gen-Art Review: draft-ietf-msec… Russ Housley
- RE: [Gen-art] RE: Gen-Art Review: draft-ietf-msec… Vesa Lehtovirta (JO/LMF)
- [Gen-art] Gen-Art Review: draft-ietf-msec-newtype… Elwyn Davies
- [Gen-art] Re: Gen-Art Review: draft-ietf-msec-new… Lakshminath Dondeti
- Re: [Gen-art] Re: Gen-Art Review: draft-ietf-msec… Brian E Carpenter
- [Gen-art] Re: Gen-Art Review: draft-ietf-msec-new… Elwyn Davies
- [Gen-art] Re: Gen-Art Review: draft-ietf-msec-new… Lakshminath Dondeti