Re: [Roll] formulating a plan to normalize secdir reviews of ROLL applicability statements
Michael Richardson <mcr+ietf@sandelman.ca> Sun, 02 March 2014 14:53 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/roll/QDrRuBQf1BBHvdskLi5PxUyqh38
At my request there were early security reviews that occurred for the ROLL
applicability statements. These were done by:

  industrial: Alexey Melnikov <alexey.melnikov@isode.com>
  ami: Chris Lonvick <clonvick@cisco.com>
  home-building: Catherine Meadows <meadows@itd.nrl.navy.mil>

In addition, Stephen Kent <kent@bbn.com> did the review of security-threats
and Dan Harkins <dharkins@lounge.org> had previously done a review of the
applicability template.

The result did not go as I intended, and there were some conversations that
Ines and I had with the security ADs and the SecDir secretary (Tero) about
how we went wrong.

On Thursday the 27th, I asked the reviewers to give me some general feedback
about how we could make things smoother.

The summary is that we simply have not been explicit enough about the
relationship between documents, and we need to insert some text into each
document explaining its relationship to other documents.

I'm looking for someone to write that text: someone who has a fresh take on
this, and will hopefully make explicit the things that I perhaps now regard
as obvious.

I did a new slide, number: 27 of
http://tools.ietf.org/agenda/89/slides/slides-89-roll-1.pdf

The relationship is:

  RFC6550 - defines some (security) mechanisms.
  PANA/ZigBee/15.4/.. - defines some more (security) mechanisms.
  roll-security-threats - details some attacks/threats, and explains
      whether they depend upon the deployment scenario.
  *-applicability - needs to detail the deployment scenario, and explain
      what mechanisms are to be used to deal with threats.
  applicability-template - has some spaces for fill in the blank that
      references threats raised.

Some specific todo:

1) applicability documents need to reference roll-security-threats,
   (some still reference security-framework document)
2) some (common) text in the applicability document needs to explain how
   the applicability document relates to other documents.

This is what I have now, but I would certainly like improvements:

>1.1. Relationship to other documents
>
> This applicability statement profiles a number of deployment
> parameters from other protocols. It deals with base RPL trickle
> parameters from RFC6550 [RFC6550], MPL trickle parameters from
> RFC6206 [RFC6206], and addresses the security threats that
> [I-D.ietf-roll-security-threats], details.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
IETF ROLL WG co-chair. http://datatracker.ietf.org/wg/roll/charter/