[pcp] Stephen Farrell's No Objection on draft-ietf-pcp-anycast-07: (with COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Thu, 17 September 2015 11:35 UTC

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
Date: Thu, 17 Sep 2015 04:35:00 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/pcp/u8bVeF7rgJ_cexRJE-0fo3ZVidw>
Cc: draft-ietf-pcp-anycast.ad@ietf.org, draft-ietf-pcp-anycast.shepherd@ietf.org, draft-ietf-pcp-anycast@ietf.org, pcp@ietf.org, pcp-chairs@ietf.org

Stephen Farrell has entered the following ballot position for
draft-ietf-pcp-anycast-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-pcp-anycast/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


Say if PCP authentication is supported and the PCP client can
authenticate with various different PCP servers, e.g. at home
and in the office. Imagine further that the secrets for the
home PCP authentication leak (or are guessed). Wouldn't we
want the PCP client in the office in such a case to not accept
a PCP server that uses the home secrets? Is that scenario
possible? If so, and if the PCP client has some way to know
that it is at home or in the office, (could it?), shouldn't
there be some security considerations text saying to not
accept authenticated responses that come from the "wrong" PCP
server? That would probably mean extending the last paragraph
of 5.2 to say "if the client knows what server it expects to
authenticate to it after the anycast request was sent, then
the client MUST check that the response is authenticated from
that server (and not some other)."

Separately, I hate one of the arguments used (twice!) in 5.2.
What you are saying is "I don't need to do stuff because worse
things can happen." If all protocol developers made that
argument then we would never improve security or privacy.
It's a bad argument. You need instead to argue that there's
really nothing practical that can be done and that would be
used and that would improve over doing nothing.
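
The check proposed in the first paragraph of the comment above, as an added example that is not part of the original message or of the draft. It is a simplified model: HMAC-SHA256 over the response bytes stands in for PCP authentication, and the server names, secrets and payload are constructed.

```python
import hashlib
import hmac

# Constructed credentials: one shared secret per PCP server the client knows.
CREDENTIALS = {
    "home-pcp": b"home-secret (constructed, assumed leaked)",
    "office-pcp": b"office-secret (constructed)",
}

def tag(key: bytes, payload: bytes) -> bytes:
    """Stand-in for the PCP authentication integrity check (assumption)."""
    return hmac.new(key, payload, hashlib.sha256).digest()

def accept_any_known_server(payload: bytes, mac: bytes):
    """Weak policy: accept a response that verifies under any stored secret."""
    for server_id, key in CREDENTIALS.items():
        if hmac.compare_digest(tag(key, payload), mac):
            return server_id
    return None

def accept_expected_server(payload: bytes, mac: bytes, expected: str):
    """Policy from the comment: only the expected server's secret may verify."""
    key = CREDENTIALS.get(expected)
    if key is not None and hmac.compare_digest(tag(key, payload), mac):
        return expected
    return None

def demo():
    # Constructed response to an anycast request sent from the office network,
    # once authenticated with the leaked home secret and once with the office one.
    payload = b"MAP response: external port 40000 (constructed)"
    with_home_secret = tag(CREDENTIALS["home-pcp"], payload)
    with_office_secret = tag(CREDENTIALS["office-pcp"], payload)
    return {
        "weak_home": accept_any_known_server(payload, with_home_secret),
        "pinned_home": accept_expected_server(payload, with_home_secret, "office-pcp"),
        "pinned_office": accept_expected_server(payload, with_office_secret, "office-pcp"),
    }

if __name__ == "__main__":
    print(demo())
```

The client still needs some way to know which server it expects on the current network, which is the open question the comment raises.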