[secdir] Re: secdir early review of draft-ietf-sidrops-rrdp-same-origin
Job Snijders <job@fastly.com> Mon, 12 August 2024 08:52 UTC
Date: Mon, 12 Aug 2024 10:52:43 +0200
From: Job Snijders <job@fastly.com>
To: Dan Harkins <dharkins@lounge.org>
CC: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-sidrops-rrdp-same-origin@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/0OQeM6KYVOIe5XIenMCCArKTmQg>

Dear Dan,

On Fri, Aug 09, 2024 at 12:45:05PM -0700, Dan Harkins wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> This draft addresses an apparent mistake in RFC 8182 by specifying
> a "same origin policy" for RPKI Repository Delta protocol. This
> prevents cross-origin references in RRDP that could result in attacks.
> It is concise and well-written. The Security Considerations are fine.
> It was good to see the inclusion of Deployability considerations
> (section 4).
>
> The summary of the review is Ready.

Thank you for your review!

Kind regards,

Job