[secdir] Secdir review of draft-ietf-httpbis-http2-16

Chris Lonvick <lonvick.ietf@gmail.com> Thu, 15 January 2015 20:22 UTC

Date: Thu, 15 Jan 2015 12:22:48 -0800
From: Chris Lonvick <lonvick.ietf@gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-httpbis-http2.all@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/6Tpq9RvmlnJNt4Imeu2X5K7LuDw>


I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments.

I only had time to skim through the document but overall, the document 
is well written and appears to appropriately address the security 
concerns.  I suggest that the document is READY for publication.

Just as a "ni" (it's less than a "nit" ;-), should the list of 
prohibited cipher suites become an IANA registry?  Doing so would make 
it easier to authoritatively add to it, and others may be interested in 
referencing the list.

Best regards,