Re: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-protocol-security-requirements-04.txt
"Susan Hares" <shares@ndzh.com> Tue, 24 May 2016 13:53 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50F9712D747; Tue, 24 May 2016 06:53:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.739
X-Spam-Level: *
X-Spam-Status: No, score=1.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, RDNS_NONE=0.793] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d8bWv6S2NvxY; Tue, 24 May 2016 06:53:41 -0700 (PDT)
Received: from hickoryhill-consulting.com (unknown [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E999612D7C6; Tue, 24 May 2016 06:53:38 -0700 (PDT)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=174.124.182.128;
From: Susan Hares <shares@ndzh.com>
To: 'Tomonori Takeda' <tomonori.takeda@ntt.com>, rtg-ads@ietf.org
References: <EB0F2EAC05E9C64D80571F2042700A2A6C7FDAB7@C0561I0.coe.ntt.com> <00c701d1b2a0$ad254f30$076fed90$@ndzh.com> <EB0F2EAC05E9C64D80571F2042700A2A6C7FE8AE@C0561I0.coe.ntt.com>
In-Reply-To: <EB0F2EAC05E9C64D80571F2042700A2A6C7FE8AE@C0561I0.coe.ntt.com>
Date: Tue, 24 May 2016 09:53:35 -0400
Message-ID: <016501d1b5c3$ab225860$01670920$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0166_01D1B5A2.24132960"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFZkbV8xMTMF+FMKLR7WGNqnq+0AQL2u+8nAWQrjXCglYvzsA==
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2rs/rMdhdgbCipTW9kIL5UbYfE8U8D4>
Cc: rtg-dir@ietf.org, draft-ietf-i2rs-protocol-security-requirements.all@ietf.org, i2rs@ietf.org
Subject: Re: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-protocol-security-requirements-04.txt
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 May 2016 13:53:43 -0000
Tomonori: Thanks for noticing my error. I’ve released version -06 the change. Sue From: Tomonori Takeda [mailto:tomonori.takeda@ntt.com] Sent: Saturday, May 21, 2016 9:51 AM To: 'Susan Hares'; rtg-ads@ietf.org Cc: rtg-dir@ietf.org; draft-ietf-i2rs-protocol-security-requirements.all@ietf.org; i2rs@ietf.org Subject: RE: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-protocol-security-requirements-04.txt Hi Sue, Thanks for the update. This version looks good to me, except one editorial comment. > 4) This is just an edit, but in page.10, > "Requirements SEC-REQ-13 and SEC-REQ-14" should be > "Requirements SEC-REQ-14 and SEC-REQ-15". > > --- Thank you for the editorial comment Now, text is “Requirements SEC-REQ-14 and SEC-REQ-16”, but it should be “Requirements SEC-REQ-14 and SEC-REQ-15”. (Again, this is just an editorial comment.) Thanks, Tomonori Takeda From: Susan Hares [mailto:shares@ndzh.com] Sent: Friday, May 20, 2016 11:06 PM To: Tomonori Takeda(武田知典); rtg-ads@ietf.org Cc: rtg-dir@ietf.org; draft-ietf-i2rs-protocol-security-requirements.all@ietf.org; i2rs@ietf.org Subject: RE: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-protocol-security-requirements-04.txt Takeda-san: Thank you for your excellent review. My responses to your comments are below. I’ve released a version-05 to address your comments. Sue -----Original Message----- From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Tomonori Takeda Sent: Thursday, May 19, 2016 12:39 PM To: rtg-ads@ietf.org Cc: 'rtg-dir@ietf.org'; 'draft-ietf-i2rs-protocol-security-requirements.all@ietf.org'; i2rs@ietf.org Subject: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-protocol-security-requirements-04.txt Hi, I have been selected as the Routing Directorate QA reviewer for this draft. Document: draft-ietf-i2rs-protocol-security-requirements-04.txt Reviewer: Tomonori Takeda Review Date: May 20, 2016 Intended Status: Standards Track I am not following I2RS work closely, but in the spirit of QA review, this is OK in my understanding. https://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDirDocQa Here are my comments. I think it is very important to have documents dedicated for security for new protocols such as I2RS protocols. Overall, I think the document is well organized and clear what are security requirements for I2RS. Some specific comments. 1) The document is intended to be Standards Track. I do not think it is common for requirement drafts to be Standards Track. Sue: You are correct. This is my error. I should have changed it this morning. 2) In Section 3.1, requirements are mentioned that are set in draft-ietf-i2rs-architecture-15. Some of these requirements are not directly mentioned in draft-ietf-i2rs-architecture-15, but rather implied. For example, draft-ietf-i2rs-architecture-15 mentions identifier for I2RS client, but does not mention identifier for I2RS agent (IMO). Please note that I think requirements mentioned in Section 3.1. makes sense and valid. I am just commenting on the way of writing. Sue: You are correct that the mutual identification implies an identity for the agent. Also in Section 2 of draft-ietf-i2rs-architecture-15 mentions: role or security role: A security role specifies the scope, resources, priorities, etc. that a client or agent has. If a identity has multiple roles in the security system, the identity is permitted to perform any operations any of those roles permit. Multiple identities may use the same security role. 3) I think there is dependency on requirements mentioned in this document. Specifically, if mutual authentication (Section 3.1), secure transport (Section 3.2), and role-based security (Section 3.3) are met, confidentiality (Section 3.3) and integrity (Section 3.4) can be achieved (expect SEC-REQ-16: traceability requirement). Perhaps, it depends on in which aspects security requirements should be written (in terms of mechanisms or in terms of features). Again, I am just commenting on the way of writing. Sue: You make an excellent point: I have added to the first part section 3.0 after the first paragraph: New/ <t>There are dependencies in some of the requirements below. For confidentiality (section 3.3) and integrity (section 3.4) to be achieved, the client-agent must have mutual authentication (section 3.1) and secure transport (section 3.2). I2RS allows the use of an insecure transport for portions of data models that clearly indicate insecure transport. If insecure transport is used, then confidentiality and integrity cannot be achieved. </t> 4) This is just an edit, but in page.10, "Requirements SEC-REQ-13 and SEC-REQ-14" should be "Requirements SEC-REQ-14 and SEC-REQ-15". --- Thank you for the editorial comment Thanks, Tomonori Takeda _______________________________________________ i2rs mailing list i2rs@ietf.org https://www.ietf.org/mailman/listinfo/i2rs
- [i2rs] RTG-DIR QA review: draft-ietf-i2rs-protoco… Tomonori Takeda
- Re: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-pro… Susan Hares
- Re: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-pro… Tomonori Takeda
- Re: [i2rs] RTG-DIR QA review: draft-ietf-i2rs-pro… Susan Hares