Re: [secdir] Secdir early review of draft-ietf-anima-autonomic-control-plane-13

Toerless Eckert <tte@cs.fau.de> Mon, 23 July 2018 21:16 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B6C4130F63; Mon, 23 Jul 2018 14:16:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.95
X-Spam-Level:
X-Spam-Status: No, score=-3.95 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N42mQzEuFfA5; Mon, 23 Jul 2018 14:16:04 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DD6C130E73; Mon, 23 Jul 2018 14:16:04 -0700 (PDT)
Received: from faui48f.informatik.uni-erlangen.de (faui48f.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:52]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id CC4FD58C4AF; Mon, 23 Jul 2018 23:15:59 +0200 (CEST)
Received: by faui48f.informatik.uni-erlangen.de (Postfix, from userid 10463) id 954674402CB; Mon, 23 Jul 2018 23:15:59 +0200 (CEST)
Date: Mon, 23 Jul 2018 23:15:59 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Liang Xia <frank.xialiang@huawei.com>
Cc: secdir@ietf.org, anima@ietf.org, ietf@ietf.org, draft-ietf-anima-autonomic-control-plane.all@ietf.org
Message-ID: <20180723211559.f2u4ydl55ns5yhgo@faui48f.informatik.uni-erlangen.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Hm2JR-LTEaDWLWJLwOk_1wCqCaI>
Subject: Re: [secdir] Secdir early review of draft-ietf-anima-autonomic-control-plane-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2018 21:16:07 -0000

Hi Frank,

Mea maxima culpa. Your -13 review below was probably overlooked by me
when integrating all received feeedbac from -13 into 14/15/16, although
it looks more as if i did fix most of the stuff from your review but then
forgot to send a reply.


This is integretated into -17, i didn't push a new version up, but
you can check it at:

https://raw.githubusercontent.com/anima-wg/autonomic-control-plane/master/draft-ietf-anima-autonomic-control-plane/draft-ietf-anima-autonomic-control-plane-17.txt

Replies inline below

Cheers
    Toerless

On Fri, Feb 23, 2018 at 07:28:05PM -0800, Liang Xia wrote:
> Reviewer: Liang Xia
> Review result: Has Issues
> 
> In general, this document is well-written and considers security issues
> carefully throughout the whole architecture.

Thanks!
> 
> nits:
> Abstract: /or not misconfigured/or misconfigured/

Was fixed n -16.

> the fifth paragraph of section 6.1: the last ")" is redundant, therefore can be
> deleted

Fixed.

> some section titles don't comply the rule of starting from a capital letter

Hmm.. checked -13 and -16 but could not find anything besides:

(-16) A.3.3.2 mDNS and ...
  This starts with small letter because "mDNS" is a unique name with a lower letter,
  i think this is correct. If we're unsure, RFC editor would be best to resolve later on.
(-16) Titles are all draft names and this section will be removed anyhow for RFC.

> section 6.5
> /("IP security", see [RFC4301] and "Internet Key Exchange protocol version 2",
> see [RFC7296]
> /("IP security", see [RFC4301] and "Internet Key Exchange protocol version 2",
> see [RFC7296])/

What change do you suggest, looks identical ?

> suggestion:
> all the Figures (e.g., Figure 1,2...) should have a title for explanation

Done in -16.

> section 2, please update the last paragraph to reference RFC8174 to indicate
> that lowercase versions of the keywords are not normative

Done in -16.

> Section 11 (Security Considerations) Since section 9.2 has described the
> self-protection properties of ACP well, it may be useful in this section to
> mention them as a whole.

Hmm.. Didn't want to reiterate too much text that is already written out
in the document, but instead inserted a reference to section 9.2 into the
security section.