[secdir] Security review of draft-murdock-nato-nid-02

Ben Laurie <benl@google.com> Fri, 24 October 2014 11:49 UTC

From: Ben Laurie <benl@google.com>
Date: Fri, 24 Oct 2014 11:49:10 +0000
Message-ID: <CABrd9STJ5HjeXdnwjptPatjTOzztdeq9Su7Cq5uE4=RjVDJ00Q@mail.gmail.com>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-murdock-nato-nid.all@tools.ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/6X5CcN3xOywPzWCQB0SZFEYWoDw
Subject: [secdir] Security review of draft-murdock-nato-nid-02

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

Summary: ready.

The I-D says:

"This document introduces no additional security considerations beyond
those associated with the use and resolution of URNs in general."

For a change, I agree.

It goes on to say:

"Distribution of NATO information in any form is subject to its security
policies. Nonetheless, this specification is for public use and not subject
to any NATO security policies."

Which seems to involve some magical thinking (how do those security
policies magically follow the information?), but this is not a matter I
think we should concern ourselves with.