[secdir] correction: Re: secdir review of draft-hollenbeck-rfc4932bis-01
Chris Lonvick <clonvick@cisco.com> Mon, 01 June 2009 19:42 UTC
Return-Path: <clonvick@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 35CD93A6A19; Mon, 1 Jun 2009 12:42:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lbsZ29-+Y4Kb; Mon, 1 Jun 2009 12:42:12 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id 4217A3A686D; Mon, 1 Jun 2009 12:42:12 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.41,285,1241395200"; d="scan'208";a="314497029"
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-6.cisco.com with ESMTP; 01 Jun 2009 19:42:12 +0000
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id n51JgCYM012491; Mon, 1 Jun 2009 12:42:12 -0700
Received: from sjc-cde-011.cisco.com (sjc-cde-011.cisco.com [171.69.16.68]) by sj-core-5.cisco.com (8.13.8/8.13.8) with ESMTP id n51JgCqF022698; Mon, 1 Jun 2009 19:42:12 GMT
Date: Mon, 01 Jun 2009 12:42:12 -0700
From: Chris Lonvick <clonvick@cisco.com>
To: iesg@ietf.org, secdir@ietf.org, shollenbeck@verisign.com
In-Reply-To: <Pine.GSO.4.63.0906011152370.13437@sjc-cde-011.cisco.com>
Message-ID: <Pine.GSO.4.63.0906011240130.13437@sjc-cde-011.cisco.com>
References: <Pine.GSO.4.63.0906011152370.13437@sjc-cde-011.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=1201; t=1243885332; x=1244749332; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=clonvick@cisco.com; z=From:=20Chris=20Lonvick=20<clonvick@cisco.com> |Subject:=20correction=3A=20Re=3A=20secdir=20review=20of=20 draft-hollenbeck-rfc4932bis-01 |Sender:=20; bh=ktQXnZTyIC5d+bDzVn1ZDiYZ7UjBkMVY8BNO/nFxU+k=; b=fnuYUob7pjKnJD7z3hPYa16lYdhtRiLMwnE6KEbdtVQq+gJXLVjPSFo2vt njitulVvQ16AYhsYNCPUxC4jVMZjfXFGcA3orlcfH6+sOTkSNgiRiPJ8jMPn 02CYk7adXl;
Authentication-Results: sj-dkim-2; header.From=clonvick@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Subject: [secdir] correction: Re: secdir review of draft-hollenbeck-rfc4932bis-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2009 19:42:14 -0000
On Mon, 1 Jun 2009, Chris Lonvick wrote: > Hi, > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > I found security-related problems in my review of the document. That's supposed to be: I found _no_ security-related problems in my review of the document. Apologies for the confusion, and thanks Richard for pointing that out. Regards, Chris > > I did see, however, that the Security Considerations, which point back to ID > 4930.bis, are very similar to the security considerations in RFC 4930. They > hint that a secure transport is needed to thwart common mitm attacks but the > section does not give any specific guidance. > > It has been two years since RFC 4930 was published. Have any secure > transports been used? If so, I think it would be a good idea to state which > one(s) and how its attributes do thwart the threats. > > Best regards, > Chris >
- [secdir] secdir review of draft-hollenbeck-rfc493… Chris Lonvick
- [secdir] correction: Re: secdir review of draft-h… Chris Lonvick
- Re: [secdir] secdir review of draft-hollenbeck-rf… Alexey Melnikov