Re: [secdir] secdir review of draft-ietf-dime-priority-avps-04

carlberg@g11.org.uk Tue, 26 July 2011 11:23 UTC

Message-ID: <20110726112346.35893ibie0kwerqc@portland.eukhosting.net>
Date: Tue, 26 Jul 2011 11:23:46 +0000
From: carlberg@g11.org.uk
To: Stephen Hanna <shanna@juniper.net>
References: <20110726104135.13472eudbij0eaqs@portland.eukhosting.net> <AC6674AB7BC78549BB231821ABF7A9AEB674516F2B@EMBX01-WF.jnpr.net>
In-Reply-To: <AC6674AB7BC78549BB231821ABF7A9AEB674516F2B@EMBX01-WF.jnpr.net>
Cc: "lionel.morand@orange-ftgroup.com" <lionel.morand@orange-ftgroup.com>, "draft-ietf-dime-priority-avps.all@tools.ietf.org" <draft-ietf-dime-priority-avps.all@tools.ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-dime-priority-avps-04

Steve,


Quoting Stephen Hanna <shanna@juniper.net>:

> Thanks for your response, Ken.
>
> Removing the last sentence that you quoted would make things worse.
> Readers of this draft should definitely familiarize themselves with
> the security considerations related to priority. We should make that
> easier, not harder. The fact that those considerations also apply to
> other RFCs does not remove the fact that they apply to this one also.

But those considerations do not directly apply to DIAMETER.

> You cannot publish a document whose security considerations section
> says (as this one effectively does today), "There are lots of security
> considerations related to this document. To understand them, please
> dig through all the referenced documents and figure it out yourself."
> Doing that digging and analysis is the job of the document editors.

Agreed, speaking in the general sense. But again, the security considerations of these other protocols do not apply to the operation of Diameter.

> In order to ease the burden on you, I think a reasonable compromise
> would be for YOU to review the documents referenced and decide which
> have the most relevant security considerations. Then you could list
> those explicitly in the last paragraph of the Security Considerations.

I'm concerned about the implications of your recommendation. If we extend this position to other work in the IETF, then efforts like defining MIBs would mean that each MIB draft would need to perform a security considerations analysis of each protocol that an object refers to in the context of SNMP. And one can extend the argument that each protocol operating on top of TCP (and/or UDP) and IP would need to perform an analysis on how TCP/UDP and IP may affect the upper layer protocol. We don't do that today.

cheers,

-ken