Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)

Andrew Newton <andy@hxr.us> Thu, 17 August 2006 16:17 UTC

Message-ID: <44E49548.6020102@hxr.us>
Date: Thu, 17 Aug 2006 12:11:52 -0400
From: Andrew Newton <andy@hxr.us>
To: Sam Hartman <hartmans-ietf@mit.edu>
Cc: iesg@ietf.org, ietf@ietf.org, Mark Townsley <townsley@cisco.com>

Sam Hartman wrote:
>>>>>> "Gray," == Gray, Eric <Eric.Gray@marconi.com> writes:
> 
>     Gray,> Sam, I thought the Security Area Directorate was limited to
>     Gray,> determining if the description of security risks is
>     Gray,> adequate and that determination of whether security is
>     Gray,> adequate - for adequately described security risks - would
>     Gray,> be up to the end consumer.
> 
> First, this document is in last call.  It's very clear to me that I
> can make a last call comment as an IETF contributor that I think the
> security is inadequate.

To be quite honest, I was unsure which hat you were wearing when you made 
your statement.  I'm also unsure if it matters.

All that being said, I agree that the security considerations section is 
missing quite a bit.  It should explain the consequences of using this 
protocol from a security point of view.  And the big thing it left out is 
that not only should it mention that there are alternatives, but it should 
explicitly state what they are.  In this case, the security considerations 
section ought to specifically point to XPC, which is also from the CRISP wg 
and being IETF last called at the moment.  That draft is 
draft-ietf-crisp-iris-xpc-04.txt; a review of it would be helpful.

-andy

