[secdir] review of draft-ietf-taps-transport-usage-udp-08

Derrell Piper <ddp@electric-loft.org> Mon, 11 September 2017 07:46 UTC

Cc: The IESG <iesg@ietf.org>
To: secdir@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/7sIHjIGiWZ_AsGPP4Q1AYMsEGGs>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

The summary of the review is Ready with Nits.

Since I'm not following TAPS, or most of this, I reviewed the ediffs between
-05, -06, -07, and this version -08.  There were no changes from -07, so -06
was the last relevant version.

Radia's comments from her review of -05 were succinct, so I'll quote them:

   This informational document contains tutorial information on the use of
   the sockets API to send and receive data over the UDP and UDP-lite
   protocols. It is apparently part of an effort to write tutorial
   descriptions of APIs to all IETF-standardized transport protocols.

   This document refers the reader to the standards for all security
   considerations. That is probably appropriate. It’s always difficult to
   decide what information to include and what to exclude in a tutorial.  I
   would have liked an explanation of how the sender knows whether to request
   UDP or UDP-lite, since it doesn't look like UDP-lite would be compatible
   with something that only speaks UDP.

Section 3.4 has been expanded upon, presumably to address her second point.
I'm still not sure it gives the reader enough information to choose between
all these things, but it was basically informative, even if it seems to raise
more questions than it answers.

Considering that this document doesn't even reference D/TLS or QUIC, I guess
it's fine for what it is, but I would have preferred more text in the Security
Considerations section and I guess more text overall about when these things
are useful.