[secdir] secdir review of draft-elie-nntp-tls-recommendations-01

David Mandelberg <david@mandelberg.org> Sun, 04 December 2016 18:22 UTC

To: iesg@ietf.org, secdir@ietf.org, draft-elie-nntp-tls-recommendations.all@ietf.org
From: David Mandelberg <david@mandelberg.org>
Message-ID: <022c6479-4bac-f18e-928a-796a0d7ebde3@mandelberg.org>
Date: Sun, 04 Dec 2016 13:21:59 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/7ESp8bk9zHYmJSJGlc4UZkFZe9s>

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I think this document is ready with nits.

Section 2.4: I think the second to last bullet (about lack of STARTTLS)
should be expanded in scope to say "during any previous connection
within a (possibly configurable) time frame" instead of "during the
previous connection." Otherwise, a human might not see the warning the
first time, and the warning would disappear immediately after that.

-- 
David Eric Mandelberg / dseomn
http://david.mandelberg.org/
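The distinction the review raises in Section 2.4 (warn only if STARTTLS was advertised on the immediately previous connection, versus on any connection within a configurable window) can be made concrete in a few lines. The following is an added example, not code from the review or from the draft it discusses; it simulates an NNTP client's record of CAPABILITIES responses and runs both warning rules over a constructed timeline. The capability texts follow the RFC 3977 response format with the STARTTLS label from RFC 4642; the timestamps, the one-hour window and the function names are assumptions made for illustration.

```python
"""Client-side warning when a server stops offering STARTTLS.

Added example, not code from the secdir review or from the draft it
discusses. It contrasts two warning rules for an NNTP client:

  * "previous connection" rule (the draft's wording as the reviewer
    quotes it): warn only if STARTTLS was offered on the immediately
    preceding connection;
  * "time frame" rule (the reviewer's suggestion): warn if STARTTLS was
    offered on any connection within a configurable window.

Connections are simulated as (timestamp, CAPABILITIES response) pairs;
the response texts below are constructed samples in the RFC 3977 format.
"""
from dataclasses import dataclass


def starttls_advertised(capabilities_response: str) -> bool:
    """Return True if a CAPABILITIES response lists the STARTTLS label.

    Each capability is one line after the "101" status line; the list is
    terminated by a line containing a single ".".
    """
    lines = capabilities_response.splitlines()
    if not lines or not lines[0].startswith("101"):
        return False
    for line in lines[1:]:
        if line == ".":
            break
        words = line.split()
        if words and words[0].upper() == "STARTTLS":
            return True
    return False


@dataclass
class Connection:
    timestamp: float    # seconds on a constructed clock
    capabilities: str   # server's CAPABILITIES response for this connection


def warnings_previous_connection(connections):
    """Draft rule: warn when STARTTLS was offered last time but not now."""
    warnings = []
    prev_offered = False
    for conn in connections:
        offered = starttls_advertised(conn.capabilities)
        warnings.append(prev_offered and not offered)
        prev_offered = offered
    return warnings


def warnings_time_frame(connections, window_seconds):
    """Reviewer rule: warn when STARTTLS was offered within the window but not now."""
    warnings = []
    last_seen = None  # timestamp at which STARTTLS was last advertised
    for conn in connections:
        offered = starttls_advertised(conn.capabilities)
        if offered:
            last_seen = conn.timestamp
            warnings.append(False)
        else:
            recent = last_seen is not None and conn.timestamp - last_seen <= window_seconds
            warnings.append(recent)
    return warnings


# Constructed sample CAPABILITIES responses (RFC 3977 format).
WITH_STARTTLS = "101 Capability list:\r\nVERSION 2\r\nREADER\r\nSTARTTLS\r\nLIST ACTIVE NEWSGROUPS\r\n.\r\n"
WITHOUT_STARTTLS = "101 Capability list:\r\nVERSION 2\r\nREADER\r\nLIST ACTIVE NEWSGROUPS\r\n.\r\n"

# Constructed timeline: STARTTLS offered once, then absent on three later
# connections, the last of them well outside a one-hour window.
SAMPLE_CONNECTIONS = [
    Connection(0, WITH_STARTTLS),
    Connection(100, WITHOUT_STARTTLS),
    Connection(200, WITHOUT_STARTTLS),
    Connection(5000, WITHOUT_STARTTLS),
]

if __name__ == "__main__":
    # Under the draft's rule the warning fires only on the second
    # connection; under the reviewer's rule it persists while the earlier
    # STARTTLS observation is still inside the window.
    print("previous-connection rule:", warnings_previous_connection(SAMPLE_CONNECTIONS))
    print("one-hour window rule:    ", warnings_time_frame(SAMPLE_CONNECTIONS, 3600))
```

Running the script shows the behaviour the review describes: with the "previous connection" rule the third connection is silent because its predecessor already lacked STARTTLS, so a user who missed the single warning never sees it again, whereas the windowed rule keeps warning until the last STARTTLS observation ages out.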