RE: [rddp] Re: [Gen-art] IETF LC reviews: rddp security andapplicability

"Jim Pinkerton" <jpink@windows.microsoft.com> Tue, 25 April 2006 14:35 UTC

From: Jim Pinkerton <jpink@windows.microsoft.com>
To: "Joel M. Halpern" <joel@stevecrocker.com>, Mary Barnes <mary.barnes@nortel.com>, gen-art@ietf.org
Cc: lars.eggert@netlab.nec.de, rddp@ietf.org
Date: Tue, 25 Apr 2006 07:31:39 -0700
Subject: RE: [rddp] Re: [Gen-art] IETF LC reviews: rddp security andapplicability
Message-ID: <271CF87FD652F34DBF877CB0CB5D16FC7C0110@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com>
In-Reply-To: <7.0.1.0.0.20060417151610.03638760@stevecrocker.com>

Thanks for the feedback, Joel. Comments in-line.

Jim

> -----Original Message-----
> From: Joel M. Halpern [mailto:joel@stevecrocker.com]
> Sent: Friday, April 21, 2006 6:10 PM
> To: Mary Barnes; gen-art@ietf.org
> Cc: lars.eggert@netlab.nec.de; rddp@ietf.org
> Subject: [rddp] Re: [Gen-art] IETF LC reviews: rddp security
> andapplicability
> 
> I was selected as General Area Review Team reviewer for this
> specification
> (for background on Gen-ART, please see
> http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
> 
> (These reviews treat DDP and RDMAP as given, and do not comment
> directly on those protocols.)
> 
> RDDP/ RDMAP Security
>     Given the nature of RDDP, this document is a very good idea.  I
> am glad to see it.
>     This review does not check the completeness of the security
> coverage.  However, as a lay reader I am quite impressed.
> 
>     The document is ready for publication as an Informational RFC,
> and probably ready as a Proposed Standard.
>     Personally, I would put the one IPSec requirement into the main
> document, and consider the rest of the material to be in the category
> of good advice.  This is driven by the fact that the actual advice is
> somewhere between difficult and impossible to observe on the wire.
> 
>     minor point:  The last sentence of the introduction reads:
> 
>     If all recommended mitigations are in place the implemented usage
>     models, the RDMAP/DDP protocol can be shown to not expose any new
>     security vulnerabilities.
> 
>    Aside from the linguistic oddity of this sentence, it is unclear
> what state is being compared.  I.e., compared with what condition is
> there an absence of new security vulnerabilities.   (Presumably some
> state other than "not communicating".)  There are scattered other odd
> English usages.
[<jim>] 

Good point. Below is the suggested rewording to address your concerns.
Also, after rereading the section, it doesn't summarize the appendices
(it does summarize all the other sections), so I have added some
informative text describing them just before this text.

The appendices provide focused summaries of this specification. Section
11 Appendix A: ULP Issues for RDDP Client/Server Protocols focuses on
implementers of traditional client/server protocols. Section 12 Appendix
B: Summary of RNIC and ULP Implementation Requirements summarizes all
normative requirements in this specification. Section 13 Appendix C:
Partial Trust Taxonomy provides an abstract model for categorizing trust
boundaries.

If an RDMAP/DDP protocol implementation uses the mitigations recommended
in this document, that implementation should not exhibit additional
security vulnerabilities above and beyond those of an implementation of
the transport protocol (i.e., TCP or SCTP) and protocols beneath it
(e.g., IP) without RDMAP/DDP.

>     minor: In section 2.3.2, in describing three mechanisms, the text
> refers to one mechanism (X) and one mechanism (Y and Z).  It should
> refer to two mechanisms (Y and Z).
> 
[<jim>] 
Thanks. Fixed.

>      IDNits reports some references missing and some unused.
> 
> 
[<jim>] 
Thanks. Reran and fixed the issues.

Jim

> RDMA/DDP Applicability:
> Other than needing a good English language editor, this document
> appears ready for publication as an Informational RFC.
> An example of this is that the references ought to actually be
> referenced in the body of the document.
> 
> 
> 
> At 03:46 PM 4/13/2006, Mary Barnes wrote:
> >Reviewer: Joel Halpern
> >
> >- 'DDP/RDMAP Security '
> >    <draft-ietf-rddp-security-08.txt> as a Proposed Standard
> >- 'Applicability of Remote Direct Memory Access Protocol (RDMA) and
> >    Direct Data Placement (DDP) '
> >    <draft-ietf-rddp-applicability-05.txt> as an Informational RFC
> >
> >IETF LC ends on 2006-04-19.
> >
> >The file can be obtained via
> >http://www.ietf.org/internet-drafts/draft-ietf-rddp-security-08.txt
> >http://www.ietf.org/internet-drafts/draft-ietf-rddp-applicability-05.txt
> 
> 
> _______________________________________________
> rddp mailing list
> rddp@ietf.org
> https://www1.ietf.org/mailman/listinfo/rddp

_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art