IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-decade-problem-statement-05

Leif Johansson <leifj@sunet.se> Thu, 22 March 2012 10:39 UTC

Return-Path: <leifj@sunet.se>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3593D21F8565; Thu, 22 Mar 2012 03:39:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aBcOFW4VsaCG; Thu, 22 Mar 2012 03:39:09 -0700 (PDT)
Received: from backup-server.nordu.net (backup-server.nordu.net [IPv6:2001:948:4:1::66]) by ietfa.amsl.com (Postfix) with ESMTP id 49CE321F855D; Thu, 22 Mar 2012 03:39:09 -0700 (PDT)
Received: from [130.229.141.185] (n141-p185.kthopen.kth.se [130.229.141.185]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id q2MAaxvi013270 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 22 Mar 2012 11:37:05 +0100 (CET)
Message-ID: <4F6B00CB.40707@sunet.se>
Date: Thu, 22 Mar 2012 11:36:59 +0100
From: Leif Johansson <leifj@sunet.se>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: Songhaibin <haibin.song@huawei.com>
References: <4F5D0D74.5030209@sunet.se> <E33E01DFD5BEA24B9F3F18671078951F1586BC89@szxeml534-mbx.china.huawei.com>
In-Reply-To: <E33E01DFD5BEA24B9F3F18671078951F1586BC89@szxeml534-mbx.china.huawei.com>
X-Enigmail-Version: 1.3.5
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-decade-problem-statement.all@tools.ietf.org" <draft-ietf-decade-problem-statement.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-decade-problem-statement-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2012 10:39:10 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/22/2012 08:44 AM, Songhaibin wrote:
> Thank you Leif,
> 
>> My main problem with the draft is that the Security
>> Considerations Section is weak. I would have liked a more
>> in-depth analysis of the enumerated threats in the context of
>> decade. For instance the privacy aspects of using in-network
>> storage for P2P networks is only covered briefly as part of a
>> discussion on traffic analysis.
> 
> Because many of the security threats are not very special compared
> to other client-server interactions, so we did not give much
> analysis there, but only quote the potential threats here. But we
> will try to think a little more deeper.
> 

I think thats where we disagree. My argument is that since some of
the architecture is invalidated by common solutions to the usual
threat vectors (eg e2e encryption).

	Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9rAMYACgkQ8Jx8FtbMZndKTQCfRPosiDyR8qVxzVv5mxOCZybE
7ggAnjrKN/BC5ZL5F5I/5griYLcwnTa/
=dAdC
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email