[secdir] secdir review of draft-ietf-mext-binary-ts-04
"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Mon, 08 March 2010 00:46 UTC
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-mext-binary-ts.all@tools.ietf.org

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I didn't find any security issues in the draft. The security considerations section points to draft-ietf-mext-flow-binding-05. The referenced section is a bit thin and doesn't really say what bad things could happen if the binding is falsified. If unprotected bindings are not an option, this may be OK. If they are an option it would be good to have a better understanding of what the risks are with the various levels of protection. If this is done it might be possible that there are specific considerations around some of the data types defined in the draft-ietf-mext-binary-ts-04, but I don't think that would be the case.

Joe