[radext] Secdir review of draft-ietf-radext-dynamic-discovery-13

"Brian Weis (bew)" <bew@cisco.com> Wed, 01 April 2015 04:54 UTC

From: "Brian Weis (bew)" <bew@cisco.com>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Date: Wed, 01 Apr 2015 04:54:00 +0000
Cc: "draft-ietf-radext-dynamic-discovery.all@tools.ietf.org" <draft-ietf-radext-dynamic-discovery.all@tools.ietf.org>
Subject: [radext] Secdir review of draft-ietf-radext-dynamic-discovery-13

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. 

Previously I reviewed draft-ietf-radext-dynamic-discovery-12, and while I didn’t have any particular issues with it, there were some questions and suggestions for clarifying the trust model. The current draft added some really valuable text and figures. I believe it is ready to be published.

Brian