Re: [secdir] SecDir review of draft-ietf-dime-rfc4005bis-11

Glen Zorn <> Mon, 24 September 2012 08:10 UTC

Date: Mon, 24 Sep 2012 15:10:15 +0700
From: Glen Zorn <>
To: "Moriarty, Kathleen" <>
Cc: dime mailing list <>

On 09/22/2012 05:25 AM, Moriarty, Kathleen wrote:

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> Summary: This document describes the extension of Diameter for the
> NAS application.
>
> As such, should the abstract be updated to ensure the reader is aware
> of the scope limitation in the first sentence?

I don't understand: the first sentence of the introduction is virtually 
identical to the first sentence of Section 1.  What do you want me to do?

> In reading through the draft, I agree with the summary in the
> Security considerations section. This document is limited in scope,
> it extends the definition and doesn't go into the details of the
> protocol and the associated security considerations. The base
> protocol is defined in RFC3588bis along with the security
> requirements.
>
> I think a reference to the authentication security
> requirements/considerations defined in ietf-dime-rfc3588bis would be
> very helpful so that the reader knows the extent of possible security
> issues and solutions since they go beyond what is described in this
> document. Having the reference either in Sections 4.3.1 and 4.5.6 or
> the Security Considerations section would ensure the reader is aware
> this is addressed elsewhere.

Since the reader must have read & understood RFC 3588bis to expect to be 
able to read & understand this doc (draft-ietf-dime-rfc3588bis is cited 
as a normative reference), presumably the reader is already aware of this.

> Some issues are addressed in these
> sections, but they do not go as far as the base protocol and there
> could be issues as this document just relies on session encryption to
> protect plaintext passwords, etc. The base protocol describes other
> mechanisms and risks.
>
> Editorial nit: Section 1.1, first sentence of last paragraph. Change
> from: "There are many other many miscellaneous" To: "There are many
> other miscellaneous"

Fixed, thanks!