[i2rs] Alvaro Retana's No Objection on draft-ietf-i2rs-protocol-security-requirements-07: (with COMMENT)

"Alvaro Retana" <aretana@cisco.com> Thu, 18 August 2016 01:53 UTC

From: "Alvaro Retana" <aretana@cisco.com>
To: "The IESG" <iesg@ietf.org>
Date: Wed, 17 Aug 2016 18:53:27 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/lZ12VGNI3Xbo8KfBbLijszzva7k>
Cc: Jeffrey Haas <jhaas@pfrc.org>, i2rs@ietf.org, i2rs-chairs@ietf.org, draft-ietf-i2rs-protocol-security-requirements@ietf.org

Alvaro Retana has entered the following ballot position for
draft-ietf-i2rs-protocol-security-requirements-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-i2rs-protocol-security-requirements/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I have the same concerns as others around the secure transport, but I'm
not putting in a DISCUSS because the concerns are already well
represented.  Just one additional comment on the topic:

I think there is a contradiction between SEC-REQ-09 ("The I2RS protocol
MUST be able to transfer data over a secure transport and optionally MAY
be able to transfer data over a non-secure transport") and this text from
Section 3. (Security-Related Requirements): "…MUST be able to exchange
data over a secure transport, but some functions may operate on a
non-secure transport."  The latter text talks about "some functions" using
a non-secure transport, while SEC-REQ-09 implies that everything may use
it.


Other comments from Section 3.1. (Mutual authentication of an I2RS client
and an I2RS Agent) 

-- The text says that the "I2RS architecture [I-D.ietf-i2rs-architecture]
sets the following requirements".  I'm not sure what you mean by "sets",
as there are no requirements (labeled as such) in the architecture
document.  If there are, then this section doesn't seem to be needed (as
others have mentioned).  Maybe "these requirements are derived from the
architecture", or something similar may be more appropriate.

-- What is a "valid identifier"?  A couple of requirements where a "valid
identifier" "MUST" be confirmed are listed, but no indication as to what
that may be in this document or the architecture one.   The definition of
identifier doesn't help…

-- SEC-REQ-05 and SEC-REQ-06 sound the same to me.  What is the
difference?  BTW, if there is a difference, instead of "IETF" I think
that "standardized" may be better.