[i2rs] Alissa Cooper's Discuss on draft-ietf-i2rs-protocol-security-requirements-11: (with DISCUSS and COMMENT)

"Alissa Cooper" <alissa@cooperw.in> Mon, 26 September 2016 19:07 UTC

From: Alissa Cooper <alissa@cooperw.in>
To: The IESG <iesg@ietf.org>
Date: Mon, 26 Sep 2016 12:07:29 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/2VA6J07wXoixaL15yXLKInDww4A>
Cc: jhaas@pfrc.org, i2rs@ietf.org, i2rs-chairs@ietf.org, draft-ietf-i2rs-protocol-security-requirements@ietf.org
Subject: [i2rs] Alissa Cooper's Discuss on draft-ietf-i2rs-protocol-security-requirements-11: (with DISCUSS and COMMENT)

Alissa Cooper has entered the following ballot position for
draft-ietf-i2rs-protocol-security-requirements-11: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-i2rs-protocol-security-requirements/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thanks for resolving my previous DISCUSS point. I have just one further
point that hopefully will be easy to fix: Section 3.2 trails off in
mid-sentence.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

= Section 1 =

The abstract talks about multi-headed writes but Section 1 talks about
multi-headed reads -- I'm assuming these are supposed to be aligned.

= Section 3.1 =

"I2RS also requires a secure transport protocol and key distribution
   protocols."

This is the first sentence of the section -- what does the "also" refer
to?

"The following protocols will need to be extended to provide
   confidentiality, data integrity, peer authentication, and key
   distribution protocols: SSH, SCTP, or the ForCES TML layer over
   SCTP."

I'm a little confused by the implications of "will need to be extended."
Is this document proposing that they be extended? Or is the idea that if
any of these protocols is chosen as a transport for I2RS, they would need
to be extended to meet the I2RS security requirements? Also, note the
existence of draft-ietf-tsvwg-sctp-dtls-encaps-09.

= Section 3.2 =

"The last new security feature is the ability to allow non-
   confidential data to be transfered over a non-secure transport."

How is this a security feature?

= Section 3.3 =

I'm not sure what "options described above" is referring to.

= Section 4 =

"Data passed over the insecure
   transport channel MUST not contain any data which identifies a person
   or any "write" transactions."

Assuming this should say "MUST NOT".