Re: [secdir] Review of draft-ietf-dime-diameter-api-08

Sean Turner <turners@ieca.com> Tue, 16 June 2009 18:07 UTC

Message-ID: <4A37DDEB.7070402@ieca.com>
Date: Tue, 16 Jun 2009 13:01:15 -0500
From: Sean Turner <turners@ieca.com>
To: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
Cc: pacalhou@cisco.com, secdir <secdir@ietf.org>, dave@frascone.com, dime-chairs@ietf.org, draft-ietf-dime-diameter-api@tools.ietf.org, iesg@ietf.org, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Victor Fajardo <vfajardo@tari.toshiba.com>

Dan,

I sent the review to Pat and to Dave (and the iesg and secdir).  I see 
that Victor was also added during the last go around so if he made the 
changes I'm not sure he would have seen them.

My concern is that the document is for the Diameter API but the security 
considerations points to the Diameter Protocol.  So, we don't have any 
security considerations at all if we just point to the protocol 
definition, which is what the document does now.

spt

Romascanu, Dan (Dan) wrote:
> Sean,
> 
> Was your review sent to the editors of the document? 
> 
> Can you please clarify why you believe that the API introduces
> supplementary security concerns, which would make the reference to the
> security considerations of RFC 5366 insufficient? 
> 
> Thanks and Regards,
> 
> Dan
> 
> 
>> -----Original Message-----
>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On 
>> Behalf Of Sean Turner
>> Sent: Tuesday, June 16, 2009 6:44 PM
>> To: secdir; draft-ietf-dime-diameter-api@tools.ietf.org; 
>> iesg@ietf.org; dime-chairs@ietf.org
>> Cc: Hannes Tschofenig
>> Subject: Review of draft-ietf-dime-diameter-api-08
>>
>> I have reviewed this document (twice now) as part of the 
>> security directorate's ongoing effort to review all IETF 
>> documents being processed by the IESG. These comments were 
>> written primarily for the benefit of the security area 
>> directors. Document editors and WG chairs should treat these 
>> comments just like any other last call comments.
>>
>> This version does not address the comments I made against the 
>> -07 version, notably:
>>
>> The document needs to discuss the security considerations 
>> surrounding the API in your document, as opposed to just 
>> pointing to RFC5388.
>>
>> Nits:
>> - Sec 3.1.1: add "." to end of last sentence
>> - Sec 3.4.3.1 and 3.4.3.2: r/- The NAI of the user./The NAI 
>> of the user.
>> - Sec 3.4.5.7: Move description before C code.
>>
>> spt
>>
>