[secdir] secdir review of draft-ietf-slim-negotiating-human-language-22

Taylor Yu <tlyu@mit.edu> Thu, 11 January 2018 03:27 UTC

From: Taylor Yu <tlyu@mit.edu>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-slim-negotiating-human-language.all@ietf.org
Date: Thu, 11 Jan 2018 03:26:54 +0000
Message-ID: <ldv8td55b41.fsf@ubuntu-1gb-nyc1-01.localdomain>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/2nb0Q1pizvNIZupLxLpKREVvmPM>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: ready with minor issues

The security considerations section seems mostly reasonable.  The
emergency services use case vaguely bothered me in ways I couldn't quite
articulate at first, but I think Alissa Cooper's ballot comment about
denying emergency services by manipulating these attributes captures
most of the essence.

I would add that for these new language tags, integrity seems to be a
stronger requirement than confidentiality, at least in the emergency
calling use case.

Best regards,
-Taylor