[i2rs] Alvaro Retana's No Objection on draft-ietf-i2rs-protocol-security-requirements-07: (with COMMENT)
"Alvaro Retana" <aretana@cisco.com> Thu, 18 August 2016 01:53 UTC
From: Alvaro Retana <aretana@cisco.com>
To: The IESG <iesg@ietf.org>
Date: Wed, 17 Aug 2016 18:53:27 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/lZ12VGNI3Xbo8KfBbLijszzva7k>
Cc: Jeffrey Haas <jhaas@pfrc.org>, i2rs@ietf.org, i2rs-chairs@ietf.org, draft-ietf-i2rs-protocol-security-requirements@ietf.org
Alvaro Retana has entered the following ballot position for
draft-ietf-i2rs-protocol-security-requirements-07: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-i2rs-protocol-security-requirements/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I have the same concerns as others around the secure transport, but I'm not putting in a DISCUSS because the concerns are already well represented.

Just one additional comment on the topic: I think there is a contradiction between SEC-REQ-09 ("The I2RS protocol MUST be able to transfer data over a secure transport and optionally MAY be able to transfer data over a non-secure transport") and this text from Section 3. (Security-Related Requirements): "…MUST be able to exchange data over a secure transport, but some functions may operate on a non-secure transport." The latter text talks about "some functions" using a non-secure transport, while SEC-REQ-09 implies that everything may use it.

Other comments from Section 3.1. (Mutual authentication of an I2RS client and an I2RS Agent)

-- The text says that the "I2RS architecture [I-D.ietf-i2rs-architecture] sets the following requirements". I'm not sure what you mean by "sets", as there are no requirements (labeled as such) in the architecture document. If there are, then this section doesn't seem to be needed (as others have mentioned). Maybe "these requirements are derived from the architecture", or something similar may be more appropriate.

-- What is a "valid identifier"? A couple of requirements where a "valid identifier" "MUST" be confirmed are listed, but no indication as to what that may be in this document or the architecture one. The definition of identifier doesn't help…

-- SEC-REQ-05 and SEC-REQ-06 sound the same to me. What is the difference? BTW, if there is a difference, instead of "IETF" I think that "standardized" may be better.