Re: [secdir] [Last-Call] Secdir telechat review of draft-ietf-dtn-tcpclv4-18

"Christopher Wood" <caw@heapingbits.net> Fri, 21 February 2020 01:50 UTC

Date: Thu, 20 Feb 2020 17:49:55 -0800
From: Christopher Wood <caw@heapingbits.net>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: "secdir@ietf.org" <secdir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/9VX9Z8chyJWFQ0qA_l_OGSIkUiU>
Subject: Re: [secdir] [Last-Call] Secdir telechat review of draft-ietf-dtn-tcpclv4-18

My pleasure! I’m glad it helped.

Best,
Chris 

On Thu, Feb 20, 2020, at 9:33 AM, Benjamin Kaduk wrote:
> Hi Chris,
> 
> Thanks for doing this and the initial review; that helped the document out
> quite a bit!  (I did still have a couple discuss points, but they're
> largely about high-level topics relating to how much policy should be
> encoded in the protocol spec.)
> 
> -Ben
> 
> On Thu, Feb 13, 2020 at 06:54:47PM -0800, Christopher Wood via 
> Datatracker wrote:
> > Reviewer: Christopher Wood
> > Review result: Has Nits
> > 
> > Thanks for updating this document! All of my comments from the previous review
> > have been addressed. It reads much better now. I only have some minor nits to
> > note below:
> > 
> > - Section 8.5: This section title references ciphersuite downgrade, yet the
> >   text refers to configured use of less-good ciphersuites. Perhaps the title
> >   should be, "Threat: Weak TLS Configurations"?
> > - Section 8.6: I don't quite follow this section. Certainly, describing how
> >   one validates certificates is out of scope. However, the title suggests
> >   this is part of how one "uses" certificates? I might just scratch this
> >   section altogether, and instead reference RFC5280 where certificate-based
> >   authentication is first presented.
> > - Section 8.7: I might rename this title to, "Threat: Symmetric Key Limits."
> > - Section 8.10.1: I would reference opportunistic security here, as an
> >   unauthenticated key exchange yields similar properties.