Re: [ippm] Secdir early review of draft-ietf-ippm-encrypted-pdmv2-01

"nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com> Wed, 29 June 2022 12:23 UTC

Date: Wed, 29 Jun 2022 12:22:47 +0000
From: "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>
To: "secdir@ietf.org" <secdir@ietf.org>, Adam Montville <adam.montville.sdo@gmail.com>
Cc: "draft-ietf-ippm-encrypted-pdmv2.all@ietf.org" <draft-ietf-ippm-encrypted-pdmv2.all@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/sHwmfyj8kyUlbG_IOEdi8dZJZw8>

Adam,
Thanks so much for your review. We will look at the "TBD" in "5.3 Security Goals for Authentication".
As the draft (and implementation) progresses, we will keep everyone posted.
Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360 

On Tuesday, June 28, 2022, 02:07:53 PM PDT, Adam Montville via Datatracker <noreply@ietf.org> wrote:

Reviewer: Adam Montville
Review result: Not Ready

I apologize for missing the deadline for this early review.

I'm saying the draft is not yet ready primarily because it's early, and there
is a "TBD" in "5.3 Security Goals for Authentication". That said, I'm not sure
there's much to add here beyond the communicating parties being mutually
authenticated.

The security considerations section addresses authentication by stating, "the
Authentication and Authorization of Clients and Servers is thus delegated to
the respective Organizations." I would add that the selected encryption scheme
(HPKE incorporating KEM, KDF, and AEAD) should cover this requirement.

I'll also mention that authentication is mentioned in 5.3 but seemingly ignored
in the list of things PDMv3 DOH needs to consider (see the middle of page 12).

Otherwise, the security considerations section covers the relevant threat
scenarios reasonably well, and the document seems to provide a methodology to
provide delegated trust, as claimed.

