[secdir] Secdir review of draft-dukhovni-opportunistic-security-04 (re-review)

"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Wed, 17 September 2014 19:27 UTC

Return-Path: <takeshi_takahashi@nict.go.jp>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 399C81A0B05; Wed, 17 Sep 2014 12:27:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.444
X-Spam-Level:
X-Spam-Status: No, score=-0.444 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, J_CHICKENPOX_62=0.6, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I1HfBGB0Kqov; Wed, 17 Sep 2014 12:27:54 -0700 (PDT)
Received: from ns2.nict.go.jp (ns2.nict.go.jp [IPv6:2001:df0:232:300::2]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 213281A0B12; Wed, 17 Sep 2014 12:27:51 -0700 (PDT)
Received: from gw2.nict.go.jp (gw2 [133.243.18.251]) by ns2.nict.go.jp with ESMTP id s8HJRlYq010814; Thu, 18 Sep 2014 04:27:47 +0900 (JST)
Received: from VAIO (ssh.nict.go.jp [133.243.3.49]) by gw2.nict.go.jp with ESMTP id s8HJRjBg022584; Thu, 18 Sep 2014 04:27:46 +0900 (JST)
From: "Takeshi Takahashi" <takeshi_takahashi@nict.go.jp>
To: <iesg@ietf.org>, <secdir@ietf.org>, <draft-dukhovni-opportunistic-security@tools.ietf.org>
Date: Thu, 18 Sep 2014 04:27:44 +0900
Message-ID: <00a001cfd2ad$763e8e20$62bbaa60$@nict.go.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac/SrXL7WucnfVevRDeYZKJxlMvw+Q==
Content-Language: ja
X-Virus-Scanned: clamav-milter 0.97.8 at zenith2
X-Virus-Status: Clean
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/-f33OsE3S_lMlf1_13E3gc0zwqE
Subject: [secdir] Secdir review of draft-dukhovni-opportunistic-security-04 (re-review)
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Sep 2014 19:27:56 -0000

Hello,

I have reviewed current version of this document as part of the security
directorate's ongoing effort to review all IETF documents being processed by
the IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

I have commented on the 01 version of this document in June. (My minor
comment there was that definition of the term "opportunistic security"
should have been appeared at the earlier part of the draft.)
I have read the current version of the draft, where I found that the draft
explains the definition of opportunistic security just after the terminology
section.
As such, I think my (minor) comment (in any case, minor comment) was
reflected.

By the way, the comment from our Security AD would be worth considering;
please reconsider reflecting the comments from the Security AD.

As mentioned at the time of 02 version review, I think this document is
ready.

Kind regards,
Take

> -----Original Message-----
> From: Takeshi Takahashi [mailto:takeshi_takahashi@nict.go.jp]
> Sent: Friday, July 18, 2014 7:33 PM
> To: iesg@ietf.org; secdir@ietf.org;
> 'draft-dukhovni-opportunistic-security@tools.ietf.org'
> Subject: Secdir review of draft-dukhovni-opportunistic-security-01
> 
> Hello,
> 
> I have reviewed this document as part of the security directorate's
ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments
just
> like any other last call comments.
> 
> This document defines the term "opportunistic security" and describes its
> design philosophy.
> The document begins with describing the difficulties to realize perfect
> security and talks about the benefit of having opportunistic security.
> The term "opportunistic security" is roughly defined at the end of section
> 1, and section 2 describes the design principles that realize the
> opportunistic security.
> Finally, the 2nd last paragraph of the section 2 clearly defines the term
> "opportunistic security"
> 
> It is an interesting document, and I think it is ready.
> Considering the intensive discussions in these months(on the saag mailing
> list) and the nature of the document (informational), I see no reason to
> block the document moving forward.
> 
> Below are minor comments.
> 
> 1.
> In addition to defining the term "opportunistic security", this document
> also describes the design philosophy of opportunistic security (in section
> 2).
> The abstract could be changed so that it can say this document also talks
> about the design philosophy.
> 
> 2.
> It is really just a comment.
> When I was reading this document for the first time, I was feeling a bit
> uneasy; I was expecting to see the clear definition of the term first,
then
> to see the design philosophy, but this document describes the design
> philosophy of the opportunistic security before having clear definition
> of the term(2nd last paragraph of section 2, starting with "In summary").
> Having said that, the current structure is also fine, since this document
> is short and concise.
> Moreover, readers can have clear picture of the opportunistic security in
> mind by the time they reach the sentences defining the term.
> 
> 3.
> The security consideration is fairly short, but I think it is ok.
> All it says is that opportunistic security is not the maximal security,
> but it is much secure than no security. That explanation is fine for me.
> 
> Kind regards,
> 
> Take
>