Re: [secdir] secdir review of draft-ietf-opsec-igp-crypto-requirements
"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Wed, 15 September 2010 23:36 UTC
Return-Path: <manav.bhatia@alcatel-lucent.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8A4923A6AAB; Wed, 15 Sep 2010 16:36:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.166
X-Spam-Level:
X-Spam-Status: No, score=-2.166 tagged_above=-999 required=5 tests=[AWL=0.433, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o2LpmjiKc77G; Wed, 15 Sep 2010 16:36:07 -0700 (PDT)
Received: from ihemail2.lucent.com (ihemail2.lucent.com [135.245.0.35]) by core3.amsl.com (Postfix) with ESMTP id A4A3C3A6AAD; Wed, 15 Sep 2010 16:36:02 -0700 (PDT)
Received: from inbansmailrelay2.in.alcatel-lucent.com (h135-250-11-33.lucent.com [135.250.11.33]) by ihemail2.lucent.com (8.13.8/IER-o) with ESMTP id o8FNaCWL010552 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 15 Sep 2010 18:36:15 -0500 (CDT)
Received: from INBANSXCHHUB02.in.alcatel-lucent.com (inbansxchhub02.in.alcatel-lucent.com [135.250.12.35]) by inbansmailrelay2.in.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id o8FNaAPq024880 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Thu, 16 Sep 2010 05:06:11 +0530
Received: from INBANSXCHMBSA1.in.alcatel-lucent.com ([135.250.12.56]) by INBANSXCHHUB02.in.alcatel-lucent.com ([135.250.12.35]) with mapi; Thu, 16 Sep 2010 05:06:10 +0530
From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: Samuel Weiler <weiler@watson.org>, "ietf@ietf.org" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-opsec-igp-crypto-requirements.all@tools.ietf.org" <draft-ietf-opsec-igp-crypto-requirements.all@tools.ietf.org>
Date: Thu, 16 Sep 2010 05:06:00 +0530
Thread-Topic: secdir review of draft-ietf-opsec-igp-crypto-requirements
Thread-Index: ActVAcwvbKYGmY2tSU+0WYRYVYCeRgALFctw
Message-ID: <7C362EEF9C7896468B36C9B79200D8350CF3916707@INBANSXCHMBSA1.in.alcatel-lucent.com>
References: <alpine.BSF.2.00.1009151357390.4814@fledge.watson.org>
In-Reply-To: <alpine.BSF.2.00.1009151357390.4814@fledge.watson.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.35
X-Scanned-By: MIMEDefang 2.64 on 135.250.11.33
X-Mailman-Approved-At: Fri, 17 Sep 2010 05:38:35 -0700
Subject: Re: [secdir] secdir review of draft-ietf-opsec-igp-crypto-requirements
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Sep 2010 23:36:23 -0000
Hi Samuel, Thanks for the review. > Is there a way to present this information more compactly? I suggest > a table with routing protocol on one axis, crypto suite on another, > and requirement status in the elements (perhaps with a cite > to the doc > that sets the requirement). You might separely say "MANDATORY to > implement, OPTIONAL to use, NOT SUGGESTED for use". This is precisely what we were doing till the OPSEC WG members asked us to change the format to the current one. > > You could also put suggestions and speculation about the > future in the > same table, though you may need to define some terms. And it We were using extended 2119 terms like SHOULD+, MUST- and MAY+ originally and these were again removed because of the strong consensus in the WG in favor of the current text. > needs to > be clear when this doc diverges from past ones or makes a new > statement. I have not gone back through the previous docs to confirm > that this doc isn't changing anything. > > I see a whole bunch of lower case "may" and "should", and I'm > wondering what to make of them. > > In describing each routing protocol's authentication options, > it would > be helpful to say whether there's any in-band negotiation available. I am not sure I understand whats being meant by in-band negotiation here? > If so, more needs to be said about that in the security > considerations. If not, it should be documented here. > > I don't need to hear three or four separate times that cleartext > passwords are bad. Just making sure that folks don't miss this! :) > > Minor: remove citations from the abstract (per rfc editor policy). Sure, will do. Cheers, Manav > > -- Sam > >
- [secdir] secdir review of draft-ietf-opsec-igp-cr… Samuel Weiler
- Re: [secdir] secdir review of draft-ietf-opsec-ig… Joel Jaeggli
- Re: [secdir] secdir review of draft-ietf-opsec-ig… Bhatia, Manav (Manav)
- Re: [secdir] secdir review of draft-ietf-opsec-ig… Samuel Weiler
- Re: [secdir] secdir review of draft-ietf-opsec-ig… Bhatia, Manav (Manav)