Re: [pcp] Terry Manderson's No Objection on draft-ietf-pcp-authentication-13: (with COMMENT)
"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Thu, 09 July 2015 14:12 UTC
Return-Path: <tireddy@cisco.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1E861A916A; Thu, 9 Jul 2015 07:12:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WM03_uYrrwoO; Thu, 9 Jul 2015 07:12:14 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CD711A9168; Thu, 9 Jul 2015 07:12:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2539; q=dns/txt; s=iport; t=1436451134; x=1437660734; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=mSVPNhHnbrZZwNx4LdSHqy1MqfT7TmZmzyKZbohj2Qo=; b=MJWuhFjDkfv3Vp5vxGthpgCmDN3uJYR5ZByPKsBTqjXz2klAZ8C2VqdF omnejXdJlCtVa0+tFHM/OzGHnGqNR8B+43oi3Q8q4GgMvphpxUvXEh7AZ UTARvaCrcF5N+/TZPlz+xSx4U0/6kLw3nZazWmWDW6FjWLoDYyMZhjT1J w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CTAwCTgJ5V/5BdJa1bgxJUYAa6JAF1CYFnCoV3AoFYOBQBAQEBAQEBgQqEIwEBAQMBAQEBNzEDBAcMBAIBCBEEAQELFAkHJwsUCQgCBAENBQiIHggNzwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEXi0uEIxEBIDECBQaDEYEUBYcJjSQBhGaIVoQYgw+QAyZjgVqBPm8BgQw6gQQBAQE
X-IronPort-AV: E=Sophos;i="5.15,440,1432598400"; d="scan'208";a="13987843"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-3.cisco.com with ESMTP; 09 Jul 2015 14:12:13 +0000
Received: from xhc-aln-x05.cisco.com (xhc-aln-x05.cisco.com [173.36.12.79]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id t69ECDmZ013948 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 9 Jul 2015 14:12:13 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.123]) by xhc-aln-x05.cisco.com ([173.36.12.79]) with mapi id 14.03.0195.001; Thu, 9 Jul 2015 09:12:13 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Terry Manderson <terry.manderson@icann.org>, The IESG <iesg@ietf.org>
Thread-Topic: [pcp] Terry Manderson's No Objection on draft-ietf-pcp-authentication-13: (with COMMENT)
Thread-Index: AQHQuSoj13H+S8Yt7k6rulJrnNE/0p3TK1pw
Date: Thu, 09 Jul 2015 14:12:12 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A4788BA7C@xmb-rcd-x10.cisco.com>
References: <20150708025739.480.3240.idtracker@ietfa.amsl.com>
In-Reply-To: <20150708025739.480.3240.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.44.176]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/pcp/mrpZM9SF02WglfbzoEgAJIsY15g>
Cc: "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] Terry Manderson's No Objection on draft-ietf-pcp-authentication-13: (with COMMENT)
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pcp/>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2015 14:12:16 -0000
> -----Original Message----- > From: pcp [mailto:pcp-bounces@ietf.org] On Behalf Of Terry Manderson > Sent: Wednesday, July 08, 2015 8:28 AM > To: The IESG > Cc: pcp@ietf.org > Subject: [pcp] Terry Manderson's No Objection on draft-ietf-pcp- > authentication-13: (with COMMENT) > > Terry Manderson has entered the following ballot position for > draft-ietf-pcp-authentication-13: No Objection > > When responding, please keep the subject line intact and reply to all email > addresses included in the To and CC lines. (Feel free to cut this introductory > paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-pcp-authentication/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks for addressing an aspect of security in relation to PCP, especially the > Advanced Threat Model from RFC6887. > > I have a few comments > > 1) I'm sure the RFC editor will pick these up, however there is some comma > usage in the document that caused me to re-read some of the paragraphs to > understand. The Abstract is one example of this. I'm certainly no expert so > perhaps have a skim over this: > http://www.grammarbook.com/punctuation/commas.asp > > 2) s 3.1.1, please consider rewording the text "Section 5.1 updates the PCP > request message format to have a result code." to something like "Section 5.1 > updates the PCP request message format with result codes for the PCP > Authentication mechanism" ...The wording as it stands seems a little non- > specific. Thanks, fixed in my local copy. > > 3) Basic DoS attacks (such as state bloat) are mentioned in the security section, > are there any complex DoS attacks that can be leveraged using the PCP > authentication mechanism itself ? I don't think so. Attack on PCP authentication depends on the EAP method used, for example if TEAP is used various possible DoS attacks and mitigations are discussed in TEAP protocol https://tools.ietf.org/html/rfc7170. -Tiru > > > _______________________________________________ > pcp mailing list > pcp@ietf.org > https://www.ietf.org/mailman/listinfo/pcp
- [pcp] Terry Manderson's No Objection on draft-iet… Terry Manderson
- Re: [pcp] Terry Manderson's No Objection on draft… Tirumaleswar Reddy (tireddy)
- Re: [pcp] Terry Manderson's No Objection on draft… Terry Manderson