Re: [secdir] Review of draft-turner-deviceowner-attribute

Sean Turner <turners@ieca.com> Thu, 29 October 2009 12:55 UTC

Return-Path: <turners@ieca.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 27A5A3A68D3 for <secdir@core3.amsl.com>; Thu, 29 Oct 2009 05:55:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.669
X-Spam-Level:
X-Spam-Status: No, score=-1.669 tagged_above=-999 required=5 tests=[AWL=0.929, BAYES_00=-2.599, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CxgUDIqj1Blz for <secdir@core3.amsl.com>; Thu, 29 Oct 2009 05:55:24 -0700 (PDT)
Received: from smtp101.biz.mail.re2.yahoo.com (smtp101.biz.mail.re2.yahoo.com [68.142.229.215]) by core3.amsl.com (Postfix) with SMTP id 154553A65A6 for <secdir@ietf.org>; Thu, 29 Oct 2009 05:55:23 -0700 (PDT)
Received: (qmail 96744 invoked from network); 29 Oct 2009 12:55:37 -0000
Received: from pool-71-191-6-46.washdc.east.verizon.net (turners@71.191.6.46 with plain) by smtp101.biz.mail.re2.yahoo.com with SMTP; 29 Oct 2009 05:55:36 -0700 PDT
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4AE990C9.9040606@ieca.com>
Date: Thu, 29 Oct 2009 08:55:37 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Jeffrey Hutzelman <jhutz@cmu.edu>
References: <2086_1256743076_n9SFHt4Y012009_4AE8609A.8060202@deployingradius.com> <B03BB7AAD83DD8E6F8C87D0D@atlantis.pc.cs.cmu.edu>
In-Reply-To: <B03BB7AAD83DD8E6F8C87D0D@atlantis.pc.cs.cmu.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: draft-turner-deviceowner-attribute@tools.ietf.org, secdir@ietf.org
Subject: Re: [secdir] Review of draft-turner-deviceowner-attribute
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Oct 2009 12:55:25 -0000

Jeffrey Hutzelman wrote:
> --On Wednesday, October 28, 2009 11:17:46 AM -0400 Alan DeKok 
> <aland@deployingradius.com> wrote:
> 
>>   I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the IESG.
>>  These comments were written primarily for the benefit of the security
>> area directors.  Document editors and WG chairs should treat these
>> comments just like any other last call comments. Feel free to forward to
>> any appropriate forum.
>>
>>   This document defines a device owner attribute for use in ASN.1
>> protocols.  As it leverages existing ASN.1 specifications, it introduces
>> no new security considerations.
> 
> This makes no sense to me.  ASN.1 is a syntax notation, not a protocol. 
> The abstract is entirely unclear on what protocol this document extends, 
> though the introduction seems to suggest it extends PKIX and does not 
> extend LDAP.  It's not clear to me that it has any bearing on other 
> ASN.1-using protocols, such as SNMP or Kerberos.

Somebody else recently commented that there really aren't ASN.1
attributes.  They suggested changing it to X.500 attributes because 
that's where the definition came from (I guess technically the attribute 
definition is from X.501).  I agree with the suggested change and will 
make it in the next revision.

spt
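The point of the exchange is that the device owner attribute is not an "ASN.1 protocol" but an X.500 attribute whose syntax comes from X.501, where `Attribute ::= SEQUENCE { type OBJECT IDENTIFIER, values SET OF ... }`. The following added example (written for this archive page, not code from the draft or from its author) encodes and decodes such an attribute in DER with a minimal, dependency-free encoder, so a reviewer can see exactly what "leverages existing ASN.1 specifications" means on the wire. The attribute OID and the assumption that its value is itself an OBJECT IDENTIFIER are constructed placeholders; the thread does not give either.

```python
# Added example, not from draft-turner-deviceowner-attribute or the thread.
# X.501 defines the generic attribute container:
#
#   Attribute ::= SEQUENCE {
#       type   OBJECT IDENTIFIER,
#       values SET OF ANY DEFINED BY type }
#
# The OID below and the choice of an OID-valued attribute are assumptions
# made for illustration only.
DEVICE_OWNER_OID_PLACEHOLDER = "1.2.3.4.5.99"   # constructed placeholder


def _der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _base128(n: int) -> bytes:
    """X.690 subidentifier: big-endian 7-bit groups, continuation bit on all but last."""
    chunk = bytearray([n & 0x7F])
    n >>= 7
    while n:
        chunk.insert(0, 0x80 | (n & 0x7F))
        n >>= 7
    return bytes(chunk)


def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID arcs")
    # First two arcs are folded into one subidentifier (arc0 * 40 + arc1).
    subids = [arcs[0] * 40 + arcs[1]] + arcs[2:]
    return _tlv(0x06, b"".join(_base128(s) for s in subids))


def decode_oid(body: bytes) -> str:
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID subidentifier")
    subids, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(acc)
            acc = 0
    first = subids[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(map(str, arcs + subids[1:]))


def encode_attribute(attr_type: str, value_oids: list[str]) -> bytes:
    """Encode an X.501 Attribute whose values are OBJECT IDENTIFIERs."""
    # DER requires the elements of a SET OF to be in ascending encoded order.
    encoded_values = sorted(encode_oid(v) for v in value_oids)
    return _tlv(0x30, encode_oid(attr_type) + _tlv(0x31, b"".join(encoded_values)))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position after the element); rejects truncated input."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:end], end


def decode_attribute(der: bytes) -> tuple[str, list[str]]:
    """Parse an X.501 Attribute; every value must be an OBJECT IDENTIFIER."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, type_body, pos = _read_tlv(seq, 0)
    if tag != 0x06:
        raise ValueError("attribute type must be an OBJECT IDENTIFIER")
    tag, set_body, end = _read_tlv(seq, pos)
    if tag != 0x31 or end != len(seq):
        raise ValueError("expected SET OF values and nothing after it")
    values, pos = [], 0
    while pos < len(set_body):
        tag, body, pos = _read_tlv(set_body, pos)
        if tag != 0x06:
            raise ValueError("unexpected value type in SET OF")
        values.append(decode_oid(body))
    return decode_oid(type_body), values


if __name__ == "__main__":
    der = encode_attribute(DEVICE_OWNER_OID_PLACEHOLDER, ["2.16.840.1.101"])
    print(der.hex())
    print(decode_attribute(der))
```

The decoder rejects trailing bytes after the SEQUENCE, truncated lengths and non-OID values, which is the kind of strictness a PKIX consumer should apply before trusting an attribute it pulled out of a certificate or attribute certificate.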