[secdir] secdir review of draft-ietf-mext-binary-ts-04

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Mon, 08 March 2010 00:46 UTC

Return-Path: <jsalowey@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 0878F3A67E7; Sun, 7 Mar 2010 16:46:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id Ry0FIcmBu5hK; Sun, 7 Mar 2010 16:46:16 -0800 (PST)
Received: from rtp-iport-2.cisco.com (rtp-iport-2.cisco.com []) by core3.amsl.com (Postfix) with ESMTP id 04FBC3A676A; Sun, 7 Mar 2010 16:46:15 -0800 (PST)
Authentication-Results: rtp-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAFrXk0urR7H+/2dsb2JhbACbI3OfYJdHhHgEgxc
X-IronPort-AV: E=Sophos;i="4.49,599,1262563200"; d="scan'208";a="91153238"
Received: from sj-core-2.cisco.com ([]) by rtp-iport-2.cisco.com with ESMTP; 08 Mar 2010 00:46:19 +0000
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com []) by sj-core-2.cisco.com (8.13.8/8.14.3) with ESMTP id o280kJim009166; Mon, 8 Mar 2010 00:46:19 GMT
Received: from xmb-sjc-225.amer.cisco.com ([]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 7 Mar 2010 16:46:19 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sun, 7 Mar 2010 16:46:16 -0800
Message-ID: <AC1CFD94F59A264488DC2BEC3E890DE509C5B97F@xmb-sjc-225.amer.cisco.com>
Thread-Topic: secdir review of draft-ietf-mext-binary-ts-04
Thread-Index: Acq+WMKoAdFLpEHYSLas24Gy8TOzvQ==
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: <iesg@ietf.org>, <secdir@ietf.org>, <draft-ietf-mext-binary-ts.all@tools.ietf.org>
X-OriginalArrivalTime: 08 Mar 2010 00:46:19.0056 (UTC) FILETIME=[C423CB00:01CABE58]
Subject: [secdir] secdir review of draft-ietf-mext-binary-ts-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2010 00:46:17 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

I didn't find any security issues in the draft.  The security
considerations section points to draft-ietf-mext-flow-binding-05.  The
referenced section is a bit thin and doesn't really say what bad things
could happen if the binding is falsified.  If unprotected bindings are
not an option, this may be OK.  If they are an option it would be good
to have a better understanding of what the risks are with the various
levels of protection. If this is done it might be possible that there
are specific considerations around some of the data types defined in the
draft-ietf-mext-binary-ts-04, but I don't think that would be the case.