Re: [secdir] SecDir review of draft-ietf-dime-rfc4005bis-11
Glen Zorn <glenzorn@gmail.com> Mon, 24 September 2012 08:10 UTC
Return-Path: <glenzorn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 480A521F8540; Mon, 24 Sep 2012 01:10:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.351
X-Spam-Level:
X-Spam-Status: No, score=-3.351 tagged_above=-999 required=5 tests=[AWL=0.248, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jO4PgHNKTlOm; Mon, 24 Sep 2012 01:10:21 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5413A21F8543; Mon, 24 Sep 2012 01:10:20 -0700 (PDT)
Received: by pbbro8 with SMTP id ro8so1198527pbb.31 for <multiple recipients>; Mon, 24 Sep 2012 01:10:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=jNKhBF1L8UGWd20NLhk1koARGrm9fmR4Y0K4edBFNlw=; b=IkLYi7DGTYNc41DDF/QqTxI7N+MkQCw4zowhfIEhM++L4UM4SJN/iehUGz+Db/X1wQ u7uF72TdW/Ktv384i8I3Ry12JVSBt+TPKpEPk+l32fspkp6I4dO5J1bGmqvK0Tx0wuGJ YhLcEdQHfp17FtUzGFN2FE7xSVgrhidW4SQdz6YaGMEjiVCGPKZwimNZV2qB6+ImlgK6 IrbMA8ov/hYF+dbLFLyMqBcIB5cRKRDCkg155ULrfVdkiS0rtUKflp+mFWRBoyzONiqM MaRM1Z5QGje5unsmROzE3aXoL3AxNZTPXiB6cx215AHermjHPc0hgbrF6uVknfxh5Zza Milw==
Received: by 10.66.74.100 with SMTP id s4mr30638227pav.27.1348474219820; Mon, 24 Sep 2012 01:10:19 -0700 (PDT)
Received: from [192.168.0.102] (ppp-58-11-133-109.revip2.asianet.co.th. [58.11.133.109]) by mx.google.com with ESMTPS id ho7sm9295503pbc.3.2012.09.24.01.10.16 (version=SSLv3 cipher=OTHER); Mon, 24 Sep 2012 01:10:19 -0700 (PDT)
Message-ID: <50601567.3010008@gmail.com>
Date: Mon, 24 Sep 2012 15:10:15 +0700
From: Glen Zorn <glenzorn@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120830 Thunderbird/15.0
MIME-Version: 1.0
To: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
References: <F5063677821E3B4F81ACFB7905573F24092B0179@MX15A.corp.emc.com>
In-Reply-To: <F5063677821E3B4F81ACFB7905573F24092B0179@MX15A.corp.emc.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: dime mailing list <dime@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-dime-rfc4005bis.all@tools.ietf.org" <draft-ietf-dime-rfc4005bis.all@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] SecDir review of draft-ietf-dime-rfc4005bis-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Sep 2012 08:10:22 -0000
On 09/22/2012 05:25 AM, Moriarty, Kathleen wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > Summary: This document describes the extension of Diameter for the > NAS application. > > As such, should the abstract be updated to ensure the reader is aware > of the scope limitation in the first sentence? I don't understand: the first sentence of the introduction is virtually identical to the first sentence of Section 1. What do you want me to do? > > In reading through the draft, I agree with the summary in the > Security considerations section. This document is limited in scope, > it extends the definition and doesn't go into the details of the > protocol and the associated security considerations. The base > protocol is defined in RFC3588bis along with the security > requirements. > > I think a reference to the authentication security > requirements/considerations defined in ietf-dime-rfc3588bis would be > very helpful so that the reader knows the extent of possible security > issues and solutions since they go beyond what is described in this > document. Having the reference either in Sections 4.3.1 and 4.5.6 or > the Security Considerations section would ensure the reader is aware > this is addressed elsewhere. Since the reader must have read & understood RFC 3588bis to expect to be able to read & understand this doc (draft-ietf-dime-rfc3588bis is cited as a normative reference), presumably the reader is already aware of this. Some issues are addressed in these > sections, but they do not go as far as the base protocol and there > could be issues as this document just relies on session encryption to > protect plaintext passwords, etc. ?? > The base protocol describes other > mechanisms and risks. > > Editorial nit: Section 1.1, first sentence of last paragraph Change > from: "There are many other many miscellaneous" To: "There are many > other miscellaneous" Fixed, thanks!
- [secdir] SecDir review of draft-ietf-dime-rfc4005… Moriarty, Kathleen
- Re: [secdir] SecDir review of draft-ietf-dime-rfc… Glen Zorn