[secdir] Secdir review of draft-c1222-transport-over-ip [WAS: Re: Secdir review of draft-altmann-tls-channel-bindings-10]

Magnus Nyström <magnusn@gmail.com> Mon, 28 June 2010 04:19 UTC

From: Magnus Nyström <magnusn@gmail.com>
To: Paul Hoffman <phoffman@imc.org>
Cc: iesg@ietf.org, draft-c1222-transport-over-ip.all@tools.ietf.org, secdir@ietf.org

Yes, sorry about that - it is for the draft-c1222 .../Magnus

On Sun, Jun 27, 2010 at 2:44 PM, Paul Hoffman <phoffman@imc.org> wrote:
> Given that I have made this same copy-and-paste error in the past: this review is for draft-c1222-transport-over-ip, not the one in the Subject: line.
> At 10:31 AM -0700 6/27/10, Magnus Nyström wrote:
>>I have reviewed this document as part of the security directorate's
>>ongoing effort to review all IETF documents being processed by the
>>IESG.  These comments were written primarily for the benefit of the
>>security area directors.  Document editors and WG chairs should treat
>>these comments just like any other last call comments.
>>This document defines a framework for transporting ANSI C12.22
>>advanced metering infrastructure (AMI) messages on IP networks.
>>AMI is intended for interaction with various types of utility meters;
>>as such, it is clear that security services such as data authenticity,
>>integrity and confidentiality will be quite important.  This draft
>>defers to ANSI C12.22 for application-layer security and states that
>>any transport (or IP) network layer security functionality
>>shall act "only to enhance and preserve [and] ... not be a substitute
>>for ... ANSI C12.22 ... security provisions." This is all good but I
>>have not had access to C12.22 for this review and so cannot comment
>>further on it. It seems to me, however, that the layering of C12.22
>>on top of IP networks may warrant a discussion about potential methods
>>to enhance C12.22 security? For example, could privacy be enhanced
>>beyond what C12.22 offers through use of a transport network's
>>confidentiality services?
>>Other than this I have no particular comments on this draft; it reads
>>good to me.
>>-- Magnus

-- Magnus