[secdir] secdir review of draft-baeuerle-netnews-cancel-lock-06

David Mandelberg <david@mandelberg.org> Thu, 21 September 2017 21:02 UTC

To: iesg@ietf.org, secdir@ietf.org, draft-baeuerle-netnews-cancel-lock.all@ietf.org
From: David Mandelberg <david@mandelberg.org>
Message-ID: <3f32f3fe-5f38-d4a8-c7c6-a40be5c2ebb6@mandelberg.org>
Date: Thu, 21 Sep 2017 17:02:41 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/CwAg3gcDxqgeQvpulrVaQdzy6uI>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

The summary of the review is Ready with nits.

Thanks for addressing almost all of the comments from my previous
review; the changes in the document look good. I had one comment before
(also, below) that I didn't see addressed (sorry if I missed it). Since 
I really don't know what the numbers should be, it's just a nit.

Section 7 says "the key size used should be at least 128 bit with 
"sha256" for <scheme> and at least 80 bit with "sha1" for <scheme>." 
Those key sizes seem rather low to me, but I don't know exactly what 
they should be.

-- 
Freelance cyber security consultant, software developer, and more
https://david.mandelberg.org/