[secdir] secdir review/last call comments for : draft-ogud-iana-protocol-maintenance-words
Sam Hartman <hartmans-ietf@mit.edu> Fri, 19 March 2010 18:48 UTC
Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D1913A681B; Fri, 19 Mar 2010 11:48:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.594
X-Spam-Level:
X-Spam-Status: No, score=-1.594 tagged_above=-999 required=5 tests=[AWL=-0.459, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pyvb6slslSxp; Fri, 19 Mar 2010 11:48:29 -0700 (PDT)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by core3.amsl.com (Postfix) with ESMTP id 7A7603A67F2; Fri, 19 Mar 2010 11:48:29 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 99FC1200FA; Fri, 19 Mar 2010 14:48:41 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 8236D413C; Fri, 19 Mar 2010 14:48:21 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf@ietf.org, secdir@ietf.org
References: <20100317174540.39CAD3A6891@core3.amsl.com> <4BA13EF6.5@gmail.com> <p0624080dc7c7101a171c@[10.20.30.158]> <20100318132523.GB25752@shinkuro.com> <p06240854c7c7ffcde811@[10.20.30.158]> <4BA38B39.9000206@ogud.com> <p06240876c7c951672e85@[10.20.30.158]>
Date: Fri, 19 Mar 2010 14:48:21 -0400
In-Reply-To: <p06240876c7c951672e85@[10.20.30.158]> (Paul Hoffman's message of "Fri\, 19 Mar 2010 09\:14\:46 -0700")
Message-ID: <tslvdcsuozu.fsf_-_@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: draft-ogud-iana-protocol-maintenance-words@tools.ietf.org
Subject: [secdir] secdir review/last call comments for : draft-ogud-iana-protocol-maintenance-words
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Mar 2010 18:48:30 -0000
I have been assigned this draft as part of the secdir review process. I see no security issues with the draft that are really within the scope of a secdir review. I do have significant concerns I'd like to raise as last call comments. In general, I agree with most of the concerns raised about this draft. I believe that an applicability statement is the appropriate way to address what this draft is trying to do. If you're looking to make a process change how about writing a simple proposal for allowing IANA registries to reference applicability statements that describe protocols they cover. You might have a note like "For current status of the implementation requirements for these algorithms in dnssec, se RFC xyzzy." The applicability statement could say which registries it links to, and could remove the links of statements it obsoletes. I realize that's somewhat going down the path of including unnecessary information in a registry, but I think it is a reasonable compromise until/unless something broader like ISDs come along. Also, by all means try to put together an ISD-like proposal if you have the energy. I'm one of the people who thought that the last ISD proposal was not sufficiently specified and might run into fundamental problems, but thought there were some really good ideas there, so if you do go down that route I'd be happy to share some concerns while remaining constructive. Stunningly, given the concerns raised so far, I think I have some new ones. First, this draft attempts to establish operational requirements. The term operational requirements is not well defined. In the context of DNSsec, we can imagine what that might mean: zone operators need to use one of the mandatory algorithms to sign their zones in order to guarantee that others can validate it. Especially for Internet-wide protocols it is often appropriate to have best-current-practice recommendations for the operational deployment of those protocols. We have groups like gro and dnsop that develop such recommendations. For other protocols this makes no sense at all. In the past I've worked on VPN deployments for clients. Those clients chose algorithms that were right for their environments. IF within that environment they happened to choose a protocol that was not labeled as MANDATORY by an IANA registry, that's totally fine. Neither the IETF nor the IANA has a good reason to tell people what IPsec algorithms they need to use in their operational environment, nor even what algorithms must be enabled in a given configuration. If we try, we will be ignored. This draft conflates implementation requirements with operations requirements. In many cases we SHOULD NOT specify operations requirements. In other cases, there is no reason to be sure that the implementation and operations requirements will be the same. Others have pointed out the broken definition of mandatory. The definition at the top of 3.1 provides an escape and makes MANDATORY much like SHOULD. However the explanation for what it means for implementations and operations provides no such escape. There is a lack of alignment between the implementation requirement and operations requirement for obsolete: if I'm starting to phase something out, it is too early to say SHOULD NOT implement. This draft fails to adequately describe its relationship to RFC 2119. When should I use MUST? When should I use MANDATORY? Why do I need both? If you're going to introduce new terms, you need to clearly specify their applicability.