[secdir] Review of draft-ietf-alto-problem-statement-04
Shawn M Emery <Shawn.Emery@Sun.COM> Sun, 18 October 2009 06:54 UTC
Return-Path: <Shawn.Emery@Sun.COM>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 93A533A67A3; Sat, 17 Oct 2009 23:54:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.046
X-Spam-Level:
X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1qsdTgpw0rLn; Sat, 17 Oct 2009 23:54:09 -0700 (PDT)
Received: from brmea-mail-2.sun.com (brmea-mail-2.Sun.COM [192.18.98.43]) by core3.amsl.com (Postfix) with ESMTP id 0E6123A63EB; Sat, 17 Oct 2009 23:54:08 -0700 (PDT)
Received: from fe-amer-09.sun.com ([192.18.109.79]) by brmea-mail-2.sun.com (8.13.6+Sun/8.12.9) with ESMTP id n9I6sEKt023062; Sun, 18 Oct 2009 06:54:14 GMT
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; CHARSET="US-ASCII"; format="flowed"
Received: from conversion-daemon.mail-amer.sun.com by mail-amer.sun.com (Sun Java(tm) System Messaging Server 7u2-7.04 64bit (built Jul 2 2009)) id <0KRP00B0074XS300@mail-amer.sun.com>; Sun, 18 Oct 2009 00:54:14 -0600 (MDT)
Received: from [10.0.0.5] ([unknown] [174.51.225.48]) by mail-amer.sun.com (Sun Java(tm) System Messaging Server 7u2-7.04 64bit (built Jul 2 2009)) with ESMTPSA id <0KRP00LIY76DSQ50@mail-amer.sun.com>; Sun, 18 Oct 2009 00:54:14 -0600 (MDT)
Date: Sun, 18 Oct 2009 00:53:09 -0600
From: Shawn M Emery <Shawn.Emery@Sun.COM>
Sender: Shawn.Emery@Sun.COM
To: secdir@ietf.org
Message-id: <4ADABB55.9090906@sun.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090929)
Cc: alto-chairs@tools.ietf.org, draft-ietf-alto-problem-statement@tools.ietf.org, iesg@ietf.org
Subject: [secdir] Review of draft-ietf-alto-problem-statement-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Oct 2009 06:54:10 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft describes various network congestion/latency issues faced by P2P and client/server applications, and offers guidance for resolving these issues by providing these applications network topology and bandwidth information, etc. The security considerations section does exist and describes that the solutions to these network issues involves a 3rd party that both sends and receives sensitive information for the applications. The draft then suggests that this information should be protected/authenticated and references the requirements document, draft-ietf-alto-reqs, for this guidance. draft-ietf-alto-reqs outlines security requirements, such as mutual authentication, privacy, etc. So really I didn't find any security issues within the scope of the reviewed document. General comments(s): Thanks for including the various examples. Editorial comment(s): s/with a public/with public/ -- Shawn.
- [secdir] Review of draft-ietf-alto-problem-statem… Shawn M Emery