IETF Logo Mail Archive

Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-add-ddr-08

Rob Sayre <sayrer@gmail.com> Fri, 08 July 2022 17:35 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC437C1595E6; Fri, 8 Jul 2022 10:35:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3GtR9npnVfU8; Fri, 8 Jul 2022 10:35:25 -0700 (PDT)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17288C15948F; Fri, 8 Jul 2022 10:35:25 -0700 (PDT)
Received: by mail-ed1-x533.google.com with SMTP id n8so27722125eda.0; Fri, 08 Jul 2022 10:35:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GzJhRsvJhoHSh2Lwn+g6TLuJyQq0YO8ieMk5ydNrLMY=; b=pfjqxICRJDCHsv9hmDh+7sFTyfrZUG+Sv3ACnpEJ7HhELUXBxbfDfmZqzUbwvnBIId GXMpuX6h8r/PfCjTs7119jDWf+k3mGkTYetxEBN3/yQS6e0gRC/tw/64elGSXIlj9mvy JWpvsr5YGeSL5jUvnS7OwTarXSAqkMx4jMoBbdvIdWif7Jrt+B3iCWH8lPk7voA9tcty 8uSD4VM9VSID6oWbSZo4qahxPU9lt9egC6P8t83066cLBBWtHiwrJJDZfmLJiZX7Q4IM lTmFAOFgJCdJ6LaZFN+AL+WJv9jpXBoegUBo0zCPmunqURnmsDG64zcCqgfqD3fPcEeP Zzgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GzJhRsvJhoHSh2Lwn+g6TLuJyQq0YO8ieMk5ydNrLMY=; b=7VdIXUSae7KOzeHCcp96/SjfFaF7MbNsBHdLArvHXitzdfAQxA/DvEkb0S/Z6ppiqb ik+Tl8X7ZILs7QWNtrxsqLQWc+ewZG0kYEdvFAEX5wKxSpw8FWSvVtfD/xDayV0KdrFw FFwYIlwj7KzfkXaAEHe5CDtFDVD3TqdY1aGqjoJTQdyViRYlnteTpPEtRHqJeoGlY9jt XeNc2o0XoHhQ9UslKNgAROlFHyfanyma6Rn/yBNHwg7KbLIlBHpwAAEqoi1G0RpTzDpv QyOEaHw6e4fKLiNrHnw/SDY/cvD9832Is+d/ssTq9TMu1lwnRMawB4EdJwhWVbksgpQL rv4w==
X-Gm-Message-State: AJIora92I7+qgyAeu7Vd5W1MPwF0rZ/KsmISnvsHbbvj/PXTRKA8VByj RYAKwERpQjEzoEt5YtAxj1d3p/XUGOR2oPyJV79xR2tb
X-Google-Smtp-Source: AGRyM1tZzrG1WmV2Aa7P9GDRAIWuiO7NU2nLq727nKB/05Q6ynnuLDcXVAbB6/d3bp+43BN9paKIi2I87Uhv0kG5NBM=
X-Received: by 2002:a05:6402:190e:b0:435:c4cd:ec2 with SMTP id e14-20020a056402190e00b00435c4cd0ec2mr6204076edz.127.1657301723515; Fri, 08 Jul 2022 10:35:23 -0700 (PDT)
MIME-Version: 1.0
References: <165722257657.57795.6974151136847745669@ietfa.amsl.com> <CAChr6SwP27DLsnkuEbD3B6S2N1ASGGck=3BZzLq-W=8t418Mhg@mail.gmail.com> <CAHbrMsD3R6Tmp0hGFgPJ3t_5ZR8ZC1ohg7crc1pQUAjUyhCUKw@mail.gmail.com>
In-Reply-To: <CAHbrMsD3R6Tmp0hGFgPJ3t_5ZR8ZC1ohg7crc1pQUAjUyhCUKw@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Fri, 08 Jul 2022 10:35:11 -0700
Message-ID: <CAChr6SxojGfR766F6LLJT9sHV5U+AfAXTEW6ZX9t80EF0Z4Mgw@mail.gmail.com>
To: Ben Schwartz <bemasc@google.com>
Cc: secdir@ietf.org, ADD Mailing list <add@ietf.org>, draft-ietf-add-ddr.all@ietf.org, last-call@ietf.org
Content-Type: multipart/alternative; boundary="000000000000840cd805e34ea075"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/2pts1uHrZ5kCunrPdPG458afELc>
Subject: Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-add-ddr-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2022 17:35:26 -0000

OK, I agree that the document is not a step backward. It is not worse than
what goes on now.

But shouldn't the document address the main technical problem directly,
rather than obliquely? That would be the "bootstrapping" issue. For
example, HSTS preload lists and just hardcoding 1.1.1.1 or similar
address bootstrapping problems where it's not clear whether to use an
encrypted protocol.

thanks,
Rob

On Fri, Jul 8, 2022 at 6:22 AM Ben Schwartz <bemasc@google.com> wrote:

> None of the issues I've identified here would lead to
> compatibility-breaking changes.  Thus, in my view, the draft's technical
> content is essentially complete and acceptable, and the remaining changes
> are in the presentation, explanation, and perhaps some corner-case
> behaviors.
>
> On Thu, Jul 7, 2022 at 5:50 PM Rob Sayre <sayrer@gmail.com> wrote:
>
>> On Thu, Jul 7, 2022 at 12:36 PM Benjamin Schwartz via Datatracker <
>> noreply@ietf.org> wrote:
>>
>>> Reviewer: Benjamin Schwartz
>>> Review result: Has Issues
>>>
>>> I think there are some interesting open questions about the structure of
>>> this
>>> document, and some details about how recommendations are described, but
>>> the
>>> technical components are sound.
>>>
>>
>> Are the technical components sound? That's not clear to me, but I'd like
>> to know more about your rationale.
>>
>> thanks,
>> Rob
>>
>>
>

v2.23.0 | Report a Bug | By Email