Re: [secdir] review of draft-ietf-cdni-use-cases-08

"Francois Le Faucheur (flefauch)" <> Mon, 09 July 2012 08:04 UTC


(speaking as WG co-chair)

Hi Leif & use-cases co-authors,

Thanks for your review.

Regarding:
"The security considerations section
refers the reader to the CDNI problem statement which is fine if
all the security considerations from RFC3570 (which is obsoleted
by this document) are carried over to the CDNI problem statement."

I would say that the fundamental security considerations brought up in RFC3570 are indeed covered by the Problem Statement. But arguably, there are one or two interesting specific declinations of these fundamental security considerations that are more explicitly spelt out in RFC3570 (e.g. "Delivery of Bad CONTENT"). My proposal would be that we catch all these "specific declinations" in our CDNI Framework document, since this is the target document for discussing specific declinations of system-level security issues (and each individual CDNI interface document will discuss its interface-specific considerations).
Does that work?
If yes, I'll drop a note to the CDNI Framework authors to make sure they exhaustively catch any specific declinations of security issues that were brought up in RFC3570 and are not yet discussed in the CDNI Framework.



On 8 Jul 2012, at 22:12, Leif Johansson wrote:

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> The document is well written. The security considerations section
> refers the reader to the CDNI problem statement which is fine if
> all the security considerations from RFC3570 (which is obsoleted
> by this document) are carried over to the CDNI problem statement.
> 	Best R
> 	Leif