[sacm] comments on draft-ietf-sacm-vuln-scenario-01

Jim Schaad <ietf@augustcellars.com> Sat, 20 August 2016 03:23 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-sacm-vuln-scenario@tools.ietf.org
Date: Fri, 19 Aug 2016 20:23:37 -0700
Message-ID: <000d01d1fa92$3f308a50$bd919ef0$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/JjvnpiodY9X32yjq72W-FIMLpB4>
Cc: sacm@ietf.org
Subject: [sacm] comments on draft-ietf-sacm-vuln-scenario-01

Section 1 - first sentence.  This says that it is detailed.  I question that
statement as I found it to gloss over almost everything.

The second sentence of the introduction makes a promise that I cannot find
fulfilled anyplace in the core text of this document.  How is this informing
protocol or data model development?  What I expect to see is a set of
statements in the document along the lines of "This affects means that we
need to have a protocol that does X" or "This affects the data model because
it needs to do Y."  I expect that this is going to be highlighted in the
text if that is the function of the document.

Section 1 - If prioritization is so important - should it affect the IM?

Section 1 - Are we expecting to publish vulnerabilities in the IM long term?
If so it would seem that at least part of publication would be in scope.

Section 2 - are you sure you want me to read this?  Vulnerability
description information:  The subject of the first sentence is Information -
so it appears to say Information which can adversely impact.  Kill everything
starting with "which".

Section 3 - bullet point 1 - How much of the processing is processing into
something that is SACM IM aware?  Actually, looking at most of these
assumptions they seem to be things that people have said that SACM should be
able to do.  It would be useful to call that out and say what things in SACM
will support these assumptions.

Section 3 - bullet point 4 - I have no idea what this says.

Section 4.2 - What components are we talking about that it is going to be
understood by?  This is the first time that I know that you have used this
word.  As far as I know, there is currently no reason for any of this data to
be SACM data, but it could all be company proprietary.

I found this document to be very hard to review.  From my point of view it
is lacking any useful information and therefore does not help progress any
work in the group.  If it is published I will do my best to forget that it
ever existed and go forward.

Jim

Never ask for a review unless you really want one, you will probably not be
happy with the results.

Appendix I seems to be short on implementation specific details as promised
in section 4.1.

B.1 para #1 - The last sentence makes zero sense to me.

B.1 para #2-4 - You need to motivate these paragraphs.

Nitpick - most of the time you say "would be handled by" or similar, it
should be "is handled by".  Be direct, not indirect, in what you are stating.