Re: [secdir] secdir review of draft-ietf-decade-problem-statement-05
Songhaibin <haibin.song@huawei.com> Thu, 22 March 2012 07:46 UTC
Return-Path: <haibin.song@huawei.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BED421F854F; Thu, 22 Mar 2012 00:46:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ed3Hjc10IrMU; Thu, 22 Mar 2012 00:46:18 -0700 (PDT)
Received: from dfwrgout.huawei.com (dfwrgout.huawei.com [206.16.17.72]) by ietfa.amsl.com (Postfix) with ESMTP id 6086221F865E; Thu, 22 Mar 2012 00:46:18 -0700 (PDT)
Received: from 172.18.9.243 (EHLO dfweml202-edg.china.huawei.com) ([172.18.9.243]) by dfwrg01-dlp.huawei.com (MOS 4.2.3-GA FastPath) with ESMTP id AEP27150; Thu, 22 Mar 2012 03:46:16 -0400 (EDT)
Received: from DFWEML403-HUB.china.huawei.com (10.193.5.151) by dfweml202-edg.china.huawei.com (172.18.9.108) with Microsoft SMTP Server (TLS) id 14.1.323.3; Thu, 22 Mar 2012 00:43:26 -0700
Received: from SZXEML420-HUB.china.huawei.com (10.82.67.159) by dfweml403-hub.china.huawei.com (10.193.5.151) with Microsoft SMTP Server (TLS) id 14.1.323.3; Thu, 22 Mar 2012 00:43:07 -0700
Received: from SZXEML534-MBX.china.huawei.com ([169.254.2.30]) by szxeml420-hub.china.huawei.com ([10.82.67.159]) with mapi id 14.01.0323.003; Thu, 22 Mar 2012 15:43:19 +0800
From: Songhaibin <haibin.song@huawei.com>
To: Leif Johansson <leifj@sunet.se>, "draft-ietf-decade-problem-statement.all@tools.ietf.org" <draft-ietf-decade-problem-statement.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: secdir review of draft-ietf-decade-problem-statement-05
Thread-Index: AQHM/8ckkXYM1WOcX0uR8SdmSpAMmJZ1/Tbw
Date: Thu, 22 Mar 2012 07:44:01 +0000
Message-ID: <E33E01DFD5BEA24B9F3F18671078951F1586BC89@szxeml534-mbx.china.huawei.com>
References: <4F5D0D74.5030209@sunet.se>
In-Reply-To: <4F5D0D74.5030209@sunet.se>
Accept-Language: en-US, zh-CN
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.138.41.129]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mailman-Approved-At: Thu, 22 Mar 2012 02:01:33 -0700
Subject: Re: [secdir] secdir review of draft-ietf-decade-problem-statement-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2012 07:46:19 -0000
Thank you Leif, > My main problem with the draft is that the Security Considerations > Section is weak. I would have liked a more in-depth analysis of the > enumerated threats in the context of decade. For instance the privacy > aspects of using in-network storage for P2P networks is only covered > briefly as part of a discussion on traffic analysis. Because many of the security threats are not very special compared to other client-server interactions, so we did not give much analysis there, but only quote the potential threats here. But we will try to think a little more deeper. > Also in section 3.2 it is noted that E2E encryption may render P2P > caches ineffective. This speaks to a fundamental flaw (imo) in the > architecture: the standard way to protect against many of the stated > attacks also leads to inefficiency of decade. At the very least the > document needs to call this issue out clearly. You are right. But this issue seems to be better covered in the architecture document than this one. BR, -Haibin > -----Original Message----- > From: Leif Johansson [mailto:leifj@sunet.se] > Sent: Monday, March 12, 2012 4:39 AM > To: draft-ietf-decade-problem-statement.all@tools.ietf.org; iesg@ietf.org; > secdir@ietf.org > Subject: secdir review of draft-ietf-decade-problem-statement-05 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > > Also in section 3.2 it is noted that E2E encryption may render P2P > caches ineffective. This speaks to a fundamental flaw (imo) in the > architecture: the standard way to protect against many of the stated > attacks also leads to inefficiency of decade. At the very least the > document needs to call this issue out clearly. > > Cheers Leif > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk9dDXQACgkQ8Jx8FtbMZndzfQCdGlV5Vun5Khv9doeYdcjebALX > ++EAn0VVTjtEMsDlFFM86NlWC+pRlr7X > =Ob4+ > -----END PGP SIGNATURE-----
- [secdir] secdir review of draft-ietf-decade-probl… Leif Johansson
- Re: [secdir] secdir review of draft-ietf-decade-p… Songhaibin
- Re: [secdir] secdir review of draft-ietf-decade-p… Leif Johansson
- Re: [secdir] secdir review of draft-ietf-decade-p… Songhaibin
- Re: [secdir] secdir review of draft-ietf-decade-p… Leif Johansson
- Re: [secdir] secdir review of draft-ietf-decade-p… David Harrington