Re: [Nea] PT-EAP I-D Ready for IESG Evaluation
Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 19 November 2012 22:46 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: nea@ietfa.amsl.com
Delivered-To: nea@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47D5321F872A for <nea@ietfa.amsl.com>; Mon, 19 Nov 2012 14:46:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.599
X-Spam-Level:
X-Spam-Status: No, score=-101.599 tagged_above=-999 required=5 tests=[AWL=-0.666, BAYES_00=-2.599, SARE_FWDLOOK=1.666, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mLBeQ3oul79x for <nea@ietfa.amsl.com>; Mon, 19 Nov 2012 14:46:44 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 038DC21F8720 for <nea@ietf.org>; Mon, 19 Nov 2012 14:46:44 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 033BDBE27; Mon, 19 Nov 2012 22:46:20 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fEYvcHHgLInt; Mon, 19 Nov 2012 22:46:18 +0000 (GMT)
Received: from [10.87.48.10] (unknown [86.42.17.136]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 26146BE25; Mon, 19 Nov 2012 22:46:18 +0000 (GMT)
Message-ID: <50AAB6B9.4040005@cs.tcd.ie>
Date: Mon, 19 Nov 2012 22:46:17 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121028 Thunderbird/16.0.2
MIME-Version: 1.0
To: Stephen Hanna <shanna@juniper.net>
References: <28EBD44EA702D74DB2B6AABD0511BBEF1FE022@xmb-rcd-x06.cisco.com> <50A99D2F.6090109@cs.tcd.ie> <F1DFC16DCAA7D3468651A5A776D5796E068AC79D@SN2PRD0510MB372.namprd05.prod.outlook.com>
In-Reply-To: <F1DFC16DCAA7D3468651A5A776D5796E068AC79D@SN2PRD0510MB372.namprd05.prod.outlook.com>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "nea@ietf.org" <nea@ietf.org>
Subject: Re: [Nea] PT-EAP I-D Ready for IESG Evaluation
X-BeenThere: nea@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nea>
List-Post: <mailto:nea@ietf.org>
List-Help: <mailto:nea-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Nov 2012 22:46:45 -0000
Thanks Steve, I've marked this as revised I-D needed and look forward to the editors' response, Cheers, S. On 11/19/2012 10:37 PM, Stephen Hanna wrote: > Stephen, > > Thanks for your prompt review and solid comments. I have > talked with Susan and with the spec editors. We agreed > that it's best to address your suggestions before we send > the document off for IETF Last Call. Otherwise, we'd just > be wasting the time of IETF Last Call participants because > they'd be reviewing a document that wasn't quite done yet. > > The spec editors are working up a response now and should > have it for you shortly. > > Thanks, > > Steve > >> -----Original Message----- >> From: nea-bounces@ietf.org [mailto:nea-bounces@ietf.org] On Behalf Of >> Stephen Farrell >> Sent: Sunday, November 18, 2012 9:45 PM >> To: Susan Thomson (sethomso) >> Cc: nea@ietf.org >> Subject: Re: [Nea] PT-EAP I-D Ready for IESG Evaluation >> >> >> Hi Susan, all, >> >> My AD review of this is below. I'm not sure if the >> chairs/authors would prefer make changes and/or argue >> before IETF LC (either is fine), so I'll mark this as >> being in AD eval while we figure that out. >> >> My first (numbered) list of questions are things I >> need to see answered before I start IETF LC. I'd say >> only question #1 might be tricky and its certainly >> ok to say that changes resulting from #2 & #3 will >> be put in after IETF LC, if some are needed, so >> #1 is (by far) the main deal. >> >> The other stuff you can consider as just some >> random-dude comments to take or leave:-) >> >> Cheers, >> S. >> >> questions I'd like answered before IETF LC: >> >> 1) Doesn't the non-existence of a standards-track EAP outer >> method that meets the needs of NEA (section 5, 2nd para) >> mean that this draft ought stay in the RFC editor queue >> until TEAP is done, and that TEAP ought be MTI for PT-EAP? >> (Which could be easily done if the wg wanted it.) >> If the wg's answer to is "no, its ok now", then I'm >> confused, since you seem to require a standards track EAP >> outer method that does not exist. Wouldn't that imply that >> this protocol cannot be implemented as currently specified >> and wouldn't that be a bad outcome for the IETF? >> >> 2) 4.1.1: If the PTS trusts the PTC this way then its >> crazy! If this is saying that a PTS ought not include code >> to validate syntax then that'd be broken. What's wrong >> here? Seems like maybe its a case of putting in too many >> words? I think this 2nd bullet list in 4.1.1 might be >> better if it disappeared. I also think the last paragraph >> on 4.1.1 should also disappear. Is that unreasonable or ok? >> >> 3) 4.2.5, last para: on what basis can one say that an EMA >> is effective, other than by definition, which doesn't seem >> convincing? I do agree that some EMA implementation might >> be effective but not that all things calling themselves an >> EMA are effective. It therefore seems wrong to have text >> that appears to depend on the effectiveness of all EMAs. >> >> ----------------- >> >> "random-dude" comments to take or leave: >> >> abstract: not sure if EAP needs expanding there or not >> >> abstract: s/tunnel method/EAP tunnel method/ ? >> >> intro: why does 1st sentence not use same terminology as >> abstract? >> >> intro: PB-TNC should be expanded >> >> intro: it might be good to briefly explain the terms inner >> and outer for EAP methods, but only if that text is not >> going to be contentious. >> >> 1.5: the forward-looking statement about what TCG might do >> in future seems out of place and was modified in the pt-tls >> draft I think. The same change seems right here. >> >> section 2: "MUST only" is odd, better would be to either >> s/only// or phrase this with a MUST NOT. >> >> 3.1: is the phrase "round robin exchange" clear or more >> confusing? It could be the latter since the term is mostly >> used in relation to load-balancing. That sentence is also >> pretty unclear, maybe what you mean is that there cannot be >>> 1 PB-TNC batch in flight at any given time, if so, better >> to say so. I don't get the last sentence in the 3rd para >> here. >> >> 3.1: 3rd last and 2nd last paras are hard to get (at first >> reading at least). >> >> 3.1: last para seems unnecessary >> >> 3.3: It'd be good to give the figures names/captions to >> make 'em easier to reference. >> >> 3.3: 1st para, might be nice to name the 4 fields that are >> mandated. Also be good to say which of these fields are bog >> standard EAP and which are nea-specific, (in case someone >> codes up nea stuff to fit into some eap framwork or >> something). For example the start bit on p7 could be >> pt-eap-specific or not. >> >> section 4: This entire section seems to fall between two >> stools. On the one hand it could be an ab-initio analysis >> of threats to a generic PT-EAP, or else if could be a >> post-facto analysis of residual threats that need to be >> countered given the final PT-EAP design. Its hard to tell >> which is intended and I think the text oscilates between >> the two. I think making sure that's crystal clear would >> help here, in terms of giving the reader an easier time. >> >> 4.1.1: I don't get what "not observe" means here. How can a >> piece of code send out some bytes that it has not >> "observed" in some sense? >> >> 4.2, title is odd - what threat or countermeasure is >> nothing to do with security? suggest s/Security// in the >> title. (Same in 1st para of 4.2 and anywhere else.) >> >> 4.2.1: I'm not sure what "theft" means in the title here - >> presumably is involves a bad actor doing more than just >> copying the bytes, but what, in general? Maybe change >> title to "message confidentiality"? >> >> 4.2.1: who is "*the* adversary"? (my emphasis) Maybe >> s/the/an/ >> >> 4.2.1: "housed in" is an odd term likely to be easily >> misunderstood e.g. by non-native English speakers, "carried >> by" would seem better >> >> 4.2.1: EAP-FAST and EAP-TTLS could do with references on >> first use. (Same later for other methods, e.g. TEAP in >> 4.2.3.) >> >> 4.2.2: What'd it mean to creat a DoS against aspects of >> an assessment? I don't get that. >> >> 4.2.2: 1st para, malformed octets don't really seem like >> message fabrication. >> >> 4.2.2: last sentence - something wrong here, you can't >> say that unless you have an MTI outer EAP method that >> does guarantee that or else they all do, but do they >> all? >> >> 4.2.3: last sentence - is this missing a 2119 REQUIRED? >> >> 4.2.4: "encrypted and hashed" is pretty imprecise. >> >> 4.3: I think if the use of TLS is significant then you >> need a reference to 5246. Maybe also 5280 but that could >> be implied by TLS. >> >> 4.3: Is the parenthetic "using TLVs" text here stuff that >> ought go away? I think it probably is. >> >> section 6: the "MUST NOT observe" here seems like nonsense >> and nothing to do with 2119. >> >> 7.1: is "PT-EAP Versions" a top-level registry or part of >> something else? I think you can answer this by saying >> what URL you think would be good for accessing this >> registry. >> _______________________________________________ >> Nea mailing list >> Nea@ietf.org >> https://www.ietf.org/mailman/listinfo/nea > > > >
- [Nea] PT-EAP I-D Ready for IESG Evaluation Susan Thomson (sethomso)
- Re: [Nea] PT-EAP I-D Ready for IESG Evaluation Stephen Farrell
- Re: [Nea] PT-EAP I-D Ready for IESG Evaluation Stephen Farrell
- Re: [Nea] PT-EAP I-D Ready for IESG Evaluation Stephen Hanna
- Re: [Nea] PT-EAP I-D Ready for IESG Evaluation Stephen Farrell
- Re: [Nea] PT-EAP I-D Ready for IESG Evaluation Nancy Cam-Winget (ncamwing)
- [Nea] MTI EAP outer method (was: Re: PT-EAP I-D R… Stephen Farrell
- Re: [Nea] PT-EAP I-D Ready for IESG Evaluation Stephen Farrell
- Re: [Nea] MTI EAP outer method (was: Re: PT-EAP I… Joseph Salowey (jsalowey)
- Re: [Nea] MTI EAP outer method (was: Re: PT-EAP I… Nancy Cam-Winget (ncamwing)
- Re: [Nea] MTI EAP outer method (was: Re: PT-EAP I… Stephen Hanna
- Re: [Nea] MTI EAP outer method (was: Re: PT-EAP I… Stephen Farrell
- Re: [Nea] MTI EAP outer method (was: Re: PT-EAP I… Joseph Salowey (jsalowey)