[secdir] secdir review of draft-ietf-tram-stun-pmtud
Carl Wallace <carl@redhoundsoftware.com> Tue, 11 September 2018 12:43 UTC
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 987BE130E7E for <secdir@ietfa.amsl.com>; Tue, 11 Sep 2018 05:43:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YBfcuCq9koOe for <secdir@ietfa.amsl.com>; Tue, 11 Sep 2018 05:43:33 -0700 (PDT)
Received: from mail-qt0-x244.google.com (mail-qt0-x244.google.com [IPv6:2607:f8b0:400d:c0d::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A483C130E80 for <secdir@ietf.org>; Tue, 11 Sep 2018 05:43:33 -0700 (PDT)
Received: by mail-qt0-x244.google.com with SMTP id t39-v6so27953700qtc.8 for <secdir@ietf.org>; Tue, 11 Sep 2018 05:43:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=user-agent:date:subject:from:to:message-id:thread-topic :mime-version:content-transfer-encoding; bh=g3w3pfMS+kStqWG8yp2FmV9inHD9LQoOE3hWP6lE7X8=; b=0aAhAallZLMHZHHmXZOJgTT3zR9/gLlcZ+i8o8fXkJbXVorkecK4WHt5kXmW/d/k+k 1h236ht0pgVr5yMjIid8VC5BGHUvz+vRn9UgsRBLfR+B2SxnXoyT4DKQXwWQcf71fBo3 RD+a0tVddkli7g74JJNZKu1r26jJ1SToPvaso=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:message-id :thread-topic:mime-version:content-transfer-encoding; bh=g3w3pfMS+kStqWG8yp2FmV9inHD9LQoOE3hWP6lE7X8=; b=pwXBLehmbHbYAE7wDWR8hsELPw95/nO8GHzrnkGerm6SWJj35l0W0gABnLSc1li5Dw X4gk0knIAb3MM8C44SvYL6YbCkEBwy3ba+C7loopkf61d7y/7wDsDk3wQth9Rl8HAhb/ CscFGgLFMHr2CFBZnRKnOL1edQsvd8i52JmV4wO9JgROucdM5Q23VuIKLhlW2fmTvEJC p8PrIcAB9ReoeI4Md/1pMA0fa2Y6RIvf2yA32jUjn9XeHSwWpL7DIa57vVYh88seljCb JkqdbmzEqo/Wnh9/NJBM1tWYhefCKi0LwTPPCnxI8eBvMQqPB4rJlrRO9GFSUb8TFcAm kiYg==
X-Gm-Message-State: APzg51DFyqW0GVrk60nPahwEHG5JHaqYARQDVbYf36Jl7SJHi/GKFRp9 dwbfmRY5p6VJbh478O3If++Rc5ugRH27XA==
X-Google-Smtp-Source: ANB0Vda7loCNu4QMRpNPSQWa7jkRbRjHDMSUNg/bLxB34c9pe450+u/9A7gH2W6rwI4z6+eE5h1D3w==
X-Received: by 2002:ac8:7a98:: with SMTP id x24-v6mr19688902qtr.298.1536669810219; Tue, 11 Sep 2018 05:43:30 -0700 (PDT)
Received: from [192.168.2.27] (pool-108-28-91-61.washdc.fios.verizon.net. [108.28.91.61]) by smtp.googlemail.com with ESMTPSA id i85-v6sm14394330qkh.3.2018.09.11.05.43.15 (version=TLS1 cipher=AES128-SHA bits=128/128); Tue, 11 Sep 2018 05:43:20 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Tue, 11 Sep 2018 08:43:11 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: secdir@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-tram-stun-pmtud.all@ietf.org
Message-ID: <D7BD309F.C0AD4%carl@redhoundsoftware.com>
Thread-Topic: secdir review of draft-ietf-tram-stun-pmtud
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/DaQWHXSpU-jIlqIV1nwEpUl64sw>
Subject: [secdir] secdir review of draft-ietf-tram-stun-pmtud
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Sep 2018 12:43:36 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes a Session Traversal Utilities for NAT (STUN) usage for Path MTU Discovery (PMTUD) between a client and a server. A few comments (bearing in mind I am not versed in STUN specs): - It may be worth highlighting the requirement for authentication when providing an overview of the Complete Probing mechanism in section 2. - In section 4, replace "Simple Probing mechanism does not require authentication" with "Simple Probing mechanism does not require authentication except where used as an implicit signaling mechanism". - Complete Probing and some uses of Simple Probing require authentication. Are there any authentication mechanisms that must be supported? - The second paragraph of the introduction and first paragraph of section 5 open the use of the spec to non-STUN-based protocols may not square with all of the MUSTs in the document, some of which require STUN (like section 4.1.x). - Why is 5780 marked as informative? Attributes from it are required.
- [secdir] secdir review of draft-ietf-tram-stun-pm… Carl Wallace
- Re: [secdir] secdir review of draft-ietf-tram-stu… Gonzalo Camarillo
- Re: [secdir] secdir review of draft-ietf-tram-stu… Marc Petit-Huguenin