Re: [Int-dir] INT area directorate review for draft-ietf-hip-rfc5206-bis-12

Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Wed, 31 August 2016 07:50 UTC

To: Jean-Michel Combes <jeanmichel.combes@gmail.com>, Tom Henderson <tomh@tomh.org>, Terry Manderson <terry.manderson@icann.org>
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Message-ID: <0aa05deb-4a10-5dfd-19bd-5cee4c51a5dd@ericsson.com>
Date: Wed, 31 Aug 2016 10:50:07 +0300
In-Reply-To: <CAA7e52qCMoMmYSMdcy7afWuewq+_v3aOhaaszHMW86c0YeAagg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-dir/c9FtCsNtE00LYCtlM4uzpV8eC3U>
Cc: "Bernie Volz (volz)" <volz@cisco.com>, int-ads@ietf.org, int-dir@ietf.org, "cjbc@it.uc3m.es" <cjbc@it.uc3m.es>, draft-ietf-hip-rfc5206-bis@tools.ietf.org, Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: [Int-dir] INT area directorate review for draft-ietf-hip-rfc5206-bis-12

Hi Terry,

in his INT area review, Jean-Michel asks for a security-area review of
the document (see email below). The HIP documents have been reviewed by
the security area several times in the past, but if you want them to
have a fresh look at them, you should probably ask the security ADs to
perform such a review as part of the IESG evaluation process.

In any case, please get back to Tom (who is editing this draft) so that
he understands how you want to proceed.

Thanks,

Gonzalo

On 11/07/2016 6:07 PM, Jean-Michel Combes wrote:
> Hi Tom,
> 
> To clarify, my concern is about:
> (1) CBA is still an individual draft
> (2) CBA is applied as a "MUST"
> 
> IMHO, only copying text inside the document is a bad idea: using such a
> security mechanism for a proposed Standard track document needs deep
> security reviews (e.g., Security Area at least).
> 
> Best regards,
> 
> JMC.
> 
> 
> 2016-07-08 19:05 GMT+02:00 Tom Henderson <tomh@tomh.org
> <mailto:tomh@tomh.org>>:
> 
>     On 07/05/2016 12:32 PM, Jean-Michel Combes wrote:
> 
>         I am an assigned INT directorate reviewer for
>         draft-ietf-hip-rfc5206-bis-12. These comments were written
>         primarily for the benefit of the Internet Area Directors.
>         Document editors and shepherd(s) should treat these comments
>         just like they would treat comments from any other IETF
>         contributors and resolve them along with any other Last Call
>         comments that have been received. For more details on the INT
>         Directorate, see http://www.ietf.org/iesg/directorate.html
> 
>         o Mobile IP(v6) vs. HIP
>         At first, I prefer to be frank: I must admit that I am not
>         pro-HIP ... HIP, IMHO, looks like Mobile IP(v6) (modulo some
>         parameters) with many drawbacks ...
> 
>         Now, please, trust me, my review has been done with a _neutral_
>         point of view.
> 
>         o HIP Security
>         I didn't review the HIP base RFCs/drafts, meaning that my review
>         is based on the fact that security reviews have already been
>         done.
> 
>         o draft-ietf-hip-rfc5206-bis-12
> 
>         My main concern is the use of an Informative RFC to provide
>         security to the protocol described inside this document:
>         Section 5.6, "To prevent redirection-based flooding attacks, the
>         use of a Credit-Based Authorization (CBA) approach MUST be used
>         when a host sends data to an UNVERIFIED locator."
> 
> 
>     Thank you for the review; is your concern that the CBA mechanism is
>     used altogether, or that the specification relies on an Informative
>     RFC (in which case it may be remedied by avoiding the normative
>     reference by copying into this draft)?
> 
>     - Tom
> 
>