[secdir] sec-dir review of draft-ietf-dime-realm-based-redirect-11
Derek Atkins <derek@ihtfp.com> Mon, 26 August 2013 19:39 UTC
Return-Path: <derek@ihtfp.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9C4021F9D28; Mon, 26 Aug 2013 12:39:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jT76NW+rpy73; Mon, 26 Aug 2013 12:39:22 -0700 (PDT)
Received: from mail2.ihtfp.org (mail2.ihtfp.org [IPv6:2001:4830:143:1::3a11]) by ietfa.amsl.com (Postfix) with ESMTP id 8B68321F9048; Mon, 26 Aug 2013 12:39:19 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id BB2FE260268; Mon, 26 Aug 2013 15:39:16 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 30995-08; Mon, 26 Aug 2013 15:39:15 -0400 (EDT)
Received: from mocana.ihtfp.org (unknown [IPv6:fe80::224:d7ff:fee7:8924]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "cliodev.ihtfp.com", Issuer "IHTFP Consulting Certification Authority" (not verified)) by mail2.ihtfp.org (Postfix) with ESMTPS id 7D3EC2600BB; Mon, 26 Aug 2013 15:39:15 -0400 (EDT)
Received: (from warlord@localhost) by mocana.ihtfp.org (8.14.7/8.14.5/Submit) id r7QJd8lN017365; Mon, 26 Aug 2013 15:39:08 -0400
From: Derek Atkins <derek@ihtfp.com>
To: iesg@ietf.org, secdir@ietf.org
Date: Mon, 26 Aug 2013 15:39:08 -0400
Message-ID: <sjmli3onswz.fsf@mocana.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Cc: Ruibing_Hao@cable.comcast.com, tom.taylor.stds@gmail.com, dime-chairs@tools.ietf.org
Subject: [secdir] sec-dir review of draft-ietf-dime-realm-based-redirect-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Aug 2013 19:39:23 -0000
Hi,
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
Message redirection is a basic capability provided by the Diameter
base protocol. In its conventional form, message redirection is
performed by an application-independent "redirect agent", which
returns one or more individual hosts to the message sender as
possible destinations of the redirected message.
However, in some circumstances an operator may wish to redirect
messages to an alternate domain without specifying individual hosts.
This document specifies an application-specific mechanism by which
that can be achieved. New applications may incorporate this
capability by reference to the present document.
The Security Considerations section offloads to RFC6733. Other than a
bunch of English editorial issues (which I'm sure the RFC Editor will
handle) I see no significant issues with this document.
-derek
--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
- [secdir] sec-dir review of draft-ietf-dime-realm-… Derek Atkins