[secdir] SECDIR review of draft-freytag-lager-variant-rules-05

Chris Lonvick <lonvick.ietf@gmail.com> Wed, 26 April 2017 01:22 UTC

From: Chris Lonvick <lonvick.ietf@gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-freytag-lager-variant-rules.all@ietf.org" <draft-freytag-lager-variant-rules.all@ietf.org>
Message-ID: <58FFF632.6050607@gmail.com>
Date: Tue, 25 Apr 2017 20:21:54 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/HGTM9kueXSItcgOXoetYYUpotb8>

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments.

I consider this draft to be ready with nits.

I reviewed versions -02 and -03. In my review of -03, I noted, "RFC 7940 
has a short section in its Security Considerations section, noted below, 
about how LGRs are only a partial remedy to the problem. The new 
Security Considerations section in -03 seems to indicate that the 
problem space may be constrained by properly utilizing certain optional 
features of 7940. If that is correct, then perhaps the author would 
consider revising the last part of the second paragraph to more clearly 
state that?"

The Security Considerations section in -05 has been updated to amply 
address that.

The few nits there were have been addressed between -03 and -05. 
However, I'm not understanding this sentence in the last paragraph of 
the Security Considerations section:
    Also, the question of whether to define variants are all, or what 
    labels are to be considered variants...
Perhaps it should be:
    Also, the question of whether to define variants _at_ all...

Thanks,
Chris