[secdir] Secdir review of draft-ietf-cdni-footprint-capabilities-semantics-12
"Brian Weis (bew)" <bew@cisco.com> Tue, 22 March 2016 20:14 UTC
Return-Path: <bew@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F44712D8A7; Tue, 22 Mar 2016 13:14:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TUdnH8TRd2pi; Tue, 22 Mar 2016 13:14:06 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B24012D509; Tue, 22 Mar 2016 13:14:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2568; q=dns/txt; s=iport; t=1458677646; x=1459887246; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=l+PvBa8ieZVjGE43kLZ3i31oyqBkTkgXrNWA2uP8Sw4=; b=XxDDpJ6eS+M26nmcwM4XTBtxeLPIEMPc6Wn9pepvHxZbrp+62qvu0c69 30qph9Y01z86wux+hzNMeSUM9a8ZGJfh3/KL3ShZu7DhCBt8Bkc0Ar4fp XJ9sQnz/wkZtHtj685meIX67fLPUEPKdGf9M0bwaWSSNFzNCUNNSJxwZN 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AgAgDjpvFW/5JdJa1egzOBU7pDAQ2BcIYNgVE4FAEBAQEBAQFkJ4REBHIHEgGBACcEAQ2ILMEZAQEBAQEBAQEBAQEBAQEBAQEZiBGKOIIrBZdXAYEqjFmPCY8GAR4BAUKDZYlyfgEBAQ
X-IronPort-AV: E=Sophos;i="5.24,378,1454976000"; d="scan'208";a="252315963"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Mar 2016 20:14:05 +0000
Received: from XCH-RTP-003.cisco.com (xch-rtp-003.cisco.com [64.101.220.143]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id u2MKE5TT017711 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 22 Mar 2016 20:14:05 GMT
Received: from xch-rtp-001.cisco.com (64.101.220.141) by XCH-RTP-003.cisco.com (64.101.220.143) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 22 Mar 2016 16:14:04 -0400
Received: from xch-rtp-001.cisco.com ([64.101.220.141]) by XCH-RTP-001.cisco.com ([64.101.220.141]) with mapi id 15.00.1104.009; Tue, 22 Mar 2016 16:14:04 -0400
From: "Brian Weis (bew)" <bew@cisco.com>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Secdir review of draft-ietf-cdni-footprint-capabilities-semantics-12
Thread-Index: AQHRhHdhY2ZvuIxqdkmtH/tNM8qcVg==
Date: Tue, 22 Mar 2016 20:14:04 +0000
Message-ID: <6A77AE94-D1D3-42FF-BA8B-41FE180E1489@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.154.50.82]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <D40028BAE8D5D14DB60B9E7A950D84FE@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/JksFIOtqE7odLk1x1lkEUMI10K0>
Cc: "draft-ietf-cdni-footprint-capabilities-semantics.all@tools.ietf.org" <draft-ietf-cdni-footprint-capabilities-semantics.all@tools.ietf.org>
Subject: [secdir] Secdir review of draft-ietf-cdni-footprint-capabilities-semantics-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2016 20:14:08 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The document describes high level semantics around the method that sites in a CDN Interconnection (CDNI) can perform a capability exchange, and defines the semantics that would be exchanged. The described semantics do not form a protocol, or even a data format, but provide an overview of considerations and guidance on the types of information that are to be exchanged. The Security Considerations section does make requirements on protocols that would implement a capabilities exchange conforming to this document, which is that they must provide “integrity and authentication services” between the sites. It also notes that since a CDNI is setup as the result of business relationships, it’s reasonable to expect and out of band method for exchanging authentication state for a protocol. This seems right to me. Confidentiality of protocols that implement these semantics is not considered a high priority because "It is not believed that there are any serious privacy risks in sharing footprint or capability information”. The section states an assumption that the shared information will be aggregated data and policy-related information about media, rather than personally identifying information (PII). However, since this document is not specifying any particular protocol, and thus does not strictly control the contents of the protocol, this seems like an uncertain assumption to me. It would be better to make a more positive assertion recommending confidentiality, so that protocol implementors conforming to this document are less likely to forget to add confidentiality when they do pass PII, or when they forget to think about privacy threats to PII. If a traditional cryptographic system (such as TLS) is deployed to obtain integrity, including confidentiality protection comes for a very small (perhaps negligible) additional cost but provides substantial added privacy value, so there isn’t much technical justification to explicitly omit confidentiality. Because of this privacy risks discussion, I consider document is "Ready with issues” (but it’s just the one issue, all else looks fine to me). Brian
- [secdir] Secdir review of draft-ietf-cdni-footpri… Brian Weis (bew)
- Re: [secdir] Secdir review of draft-ietf-cdni-foo… Kevin Ma J
- Re: [secdir] Secdir review of draft-ietf-cdni-foo… Brian Weis (bew)