[secdir] draft-ietf-geopriv-policy-uri-02
"Scott G. Kelly" <scott@hyperthought.com> Sun, 30 October 2011 13:41 UTC
Return-Path: <scott@hyperthought.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F44D21F8B1C for <secdir@ietfa.amsl.com>; Sun, 30 Oct 2011 06:41:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.265
X-Spam-Level:
X-Spam-Status: No, score=-3.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5gXrvw09Ytl0 for <secdir@ietfa.amsl.com>; Sun, 30 Oct 2011 06:41:04 -0700 (PDT)
Received: from smtp202.dfw.emailsrvr.com (smtp202.dfw.emailsrvr.com [67.192.241.202]) by ietfa.amsl.com (Postfix) with ESMTP id 9E8DD21F8B18 for <secdir@ietf.org>; Sun, 30 Oct 2011 06:41:04 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp10.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id 684E11B823A; Sun, 30 Oct 2011 09:41:03 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp10.relay.dfw1a.emailsrvr.com (Authenticated sender: scott-AT-hyperthought.com) with ESMTPSA id E0E031B8211; Sun, 30 Oct 2011 09:41:02 -0400 (EDT)
Message-ID: <4EAD53ED.60802@hyperthought.com>
Date: Sun, 30 Oct 2011 06:41:01 -0700
From: "Scott G. Kelly" <scott@hyperthought.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-geopriv-policy-uri.all@tools.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [secdir] draft-ietf-geopriv-policy-uri-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Oct 2011 13:41:05 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This review is a little late -- sorry for the delay. From the abstract, "This document extends the current location configuration protocols to provide hosts with a reference to the rules that are applied to a URI, so that the host can view or set these rules." Specifically, it allows the host to view, set, or change privacy rules associated with its location URIs. The document is well-written, and contains a security considerations section that addresses associated protocol threats. That section references two "classes of risks": risk of unauthorized disclosure of the protected resource, and risk of disclosure of the policy information itself. Why isn't unauthorized manipulation of the policy information also listed as a risk? Actually, the second paragraph of the security considerations addresses this, ("The mechanism also needs to ensure that only authorized entities are able to acquire or alter policy."), but subsequent text seems to indicate that if the policy URI is not kept secret, there are no further protections. Am I missing something here, or is secrecy of the URI really the only protection against unauthorized policy manipulation? I have to admit that I have no experience with these protocols, and it may be that this is addressed elsewhere (or truly doesn't matter), but it does feel a bit off. --Scott
- [secdir] draft-ietf-geopriv-policy-uri-02 Scott G. Kelly
- Re: [secdir] draft-ietf-geopriv-policy-uri-02 Richard Barnes
- Re: [secdir] draft-ietf-geopriv-policy-uri-02 Scott G. Kelly
- Re: [secdir] draft-ietf-geopriv-policy-uri-02 Richard Barnes
- Re: [secdir] draft-ietf-geopriv-policy-uri-02 Scott G. Kelly