Re: [secdir] secdir review of draft-ietf-tzdist-service-09

Eliot Lear <lear@cisco.com> Thu, 02 July 2015 05:57 UTC

To: Joseph Salowey <joe@salowey.net>, The IESG <iesg@ietf.org>, secdir <secdir@ietf.org>, draft-ietf-tzdist-service.all@tools.ietf.org

Hi Joe,

On 7/2/15 7:19 AM, Joseph Salowey wrote:
> First, I apologize for the late review. It appears that you may have
> already had a secdir review from the revision notes, but I could not
> find the review in my archive.

The document did already receive a review several months ago, but thank
you anyway for your comments.
>
> In general it seems the document is in good shape and understandable.
> I think the document is ready with nits.  Here are a few minor issues:
>
> 1) it might be useful to add something about what is in scope and out
> of scope for this document.  What I have in mind is to state the
> assumption that the TZ data has been securely transmitted from the
> contributors to the publishers to the root provider with its integrity
> intact and that the servers are expected to maintain the integrity of
> the data.

I think what you are asking for is clearly stated in the converse
already in the Introduction as follows:

>    This specification defines a time zone data distribution service
>    protocol that allows for fast, reliable and accurate delivery of time
>    zone data and leap second information to client systems. 

>
> 2) It might be useful to qualify the 3rd paragraph as applicable when
> discovery is done through DNS SRV records.

Perhaps you can provide some small amount of text as to what you are
suggesting, keeping in mind that it's rather late in the day for this
document.

Regards,

Eliot