Re: [secdir] Review of draft-ietf-core-groupcomm-21

"Rahman, Akbar" <Akbar.Rahman@InterDigital.com> Sat, 09 August 2014 03:33 UTC

Date: Fri, 8 Aug 2014 23:33:33 -0400
From: "Rahman, Akbar" <Akbar.Rahman@InterDigital.com>
To: "Shawn M Emery" <shawn.emery@oracle.com>, <secdir@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/FhOUoC06SuR55qlBhqHel8djQY8
Cc: draft-ietf-core-groupcomm.all@tools.ietf.org
Subject: Re: [secdir] Review of draft-ietf-core-groupcomm-21

Thank you for the prompt review, Shawn.

> Editorial comments:
> Please expand the first occurrence of CoAP, unless it's in the common
> abbreviations list.

Good catch.  We expand (define) CoAP in the first sentence of the main
body (i.e., section 1.1).  However, we did not expand CoAP in the
Abstract.  We will correct that in our next update.


Best Regards,


Akbar


-----Original Message-----
From: Shawn M Emery [mailto:shawn.emery@oracle.com] 
Sent: Friday, August 08, 2014 10:24 PM
To: secdir@ietf.org
Cc: draft-ietf-core-groupcomm.all@tools.ietf.org
Subject: Review of draft-ietf-core-groupcomm-21

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This informational draft provides guidance on CoAP (Constrained
Application Protocol) communication when using multiple recipients (i.e.
multicast).

The security considerations section does exist and does disclose that
CoAP group communication (i.e. multicast transmissions) does lack a
security mode and references RFC 7252 for the various attacks.  CoAP
relies upon DTLS, which does not currently have a standardized solution
for multicast communication.  The draft goes on to state the various
threats and how to mitigate against said attacks.  It discusses possible
future methods to protect multicast transmissions, such as
draft-keoh-dice-multicast-security.
The security considerations does also have a separate section on
pervasive monitoring, which I thought was a good idea, but not just for
this draft...

General comments:

None.

Editorial comments:

Please expand the first occurrence of CoAP, unless it's in the common
abbreviations list.

Shawn.
--