Re: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-protocol-security-requirements-04.txt
"Susan Hares" <shares@ndzh.com> Fri, 20 May 2016 14:05 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E09C112D98E; Fri, 20 May 2016 07:05:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.739
X-Spam-Level: *
X-Spam-Status: No, score=1.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, RDNS_NONE=0.793] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jasng2igxoJG; Fri, 20 May 2016 07:05:37 -0700 (PDT)
Received: from hickoryhill-consulting.com (unknown [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C00EB12D988; Fri, 20 May 2016 07:05:36 -0700 (PDT)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=174.124.182.128;
From: Susan Hares <shares@ndzh.com>
To: 'Tomonori Takeda' <tomonori.takeda@ntt.com>, rtg-ads@ietf.org
References: <EB0F2EAC05E9C64D80571F2042700A2A6C7FDAB7@C0561I0.coe.ntt.com>
In-Reply-To: <EB0F2EAC05E9C64D80571F2042700A2A6C7FDAB7@C0561I0.coe.ntt.com>
Date: Fri, 20 May 2016 10:05:33 -0400
Message-ID: <00c701d1b2a0$ad254f30$076fed90$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_00C8_01D1B27F.2616BC70"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFZkbV8xMTMF+FMKLR7WGNqnq+0AaCxLJGA
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2rs/mUHk8BvqoOlDbKeiigKActXyFs0>
Cc: rtg-dir@ietf.org, draft-ietf-i2rs-protocol-security-requirements.all@ietf.org, i2rs@ietf.org
Subject: Re: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-protocol-security-requirements-04.txt
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 May 2016 14:05:39 -0000
Takeda-san: Thank you for your excellent review. My responses to your comments are below. I've released a version-05 to address your comments. Sue -----Original Message----- From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Tomonori Takeda Sent: Thursday, May 19, 2016 12:39 PM To: rtg-ads@ietf.org Cc: 'rtg-dir@ietf.org'; 'draft-ietf-i2rs-protocol-security-requirements.all@ietf.org'; i2rs@ietf.org Subject: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-protocol-security-requirements-04.txt Hi, I have been selected as the Routing Directorate QA reviewer for this draft. Document: draft-ietf-i2rs-protocol-security-requirements-04.txt Reviewer: Tomonori Takeda Review Date: May 20, 2016 Intended Status: Standards Track I am not following I2RS work closely, but in the spirit of QA review, this is OK in my understanding. https://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDirDocQa Here are my comments. I think it is very important to have documents dedicated for security for new protocols such as I2RS protocols. Overall, I think the document is well organized and clear what are security requirements for I2RS. Some specific comments. 1) The document is intended to be Standards Track. I do not think it is common for requirement drafts to be Standards Track. Sue: You are correct. This is my error. I should have changed it this morning. 2) In Section 3.1, requirements are mentioned that are set in draft-ietf-i2rs-architecture-15. Some of these requirements are not directly mentioned in draft-ietf-i2rs-architecture-15, but rather implied. For example, draft-ietf-i2rs-architecture-15 mentions identifier for I2RS client, but does not mention identifier for I2RS agent (IMO). Please note that I think requirements mentioned in Section 3.1. makes sense and valid. I am just commenting on the way of writing. Sue: You are correct that the mutual identification implies an identity for the agent. Also in Section 2 of draft-ietf-i2rs-architecture-15 mentions: role or security role: A security role specifies the scope, resources, priorities, etc. that a client or agent has. If a identity has multiple roles in the security system, the identity is permitted to perform any operations any of those roles permit. Multiple identities may use the same security role. 3) I think there is dependency on requirements mentioned in this document. Specifically, if mutual authentication (Section 3.1), secure transport (Section 3.2), and role-based security (Section 3.3) are met, confidentiality (Section 3.3) and integrity (Section 3.4) can be achieved (expect SEC-REQ-16: traceability requirement). Perhaps, it depends on in which aspects security requirements should be written (in terms of mechanisms or in terms of features). Again, I am just commenting on the way of writing. Sue: You make an excellent point: I have added to the first part section 3.0 after the first paragraph: New/ <t>There are dependencies in some of the requirements below. For confidentiality (section 3.3) and integrity (section 3.4) to be achieved, the client-agent must have mutual authentication (section 3.1) and secure transport (section 3.2). I2RS allows the use of an insecure transport for portions of data models that clearly indicate insecure transport. If insecure transport is used, then confidentiality and integrity cannot be achieved. </t> 4) This is just an edit, but in page.10, "Requirements SEC-REQ-13 and SEC-REQ-14" should be "Requirements SEC-REQ-14 and SEC-REQ-15". --- Thank you for the editorial comment Thanks, Tomonori Takeda _______________________________________________ i2rs mailing list i2rs@ietf.org https://www.ietf.org/mailman/listinfo/i2rs
- [i2rs] RTG-DIR QA review: draft-ietf-i2rs-protoco… Tomonori Takeda
- Re: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-pro… Susan Hares
- Re: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-pro… Tomonori Takeda
- Re: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-pro… Susan Hares