[secdir] Secdir review of draft-ietf-core-etch-02

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 01 September 2016 12:16 UTC

To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-core-etch-02.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/KUHZDGHxDO-8qlLowyIuov4nAaE>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.



Summary: Ready with one minor issue

The only problem I had was working out what the authors meant by idempotent
because the term is unfortunately used to mean different things. So the
fact it is being used correctly here doesn't necessarily help the reader.

The term is explained in RFC 7252 but doesn't have an entry in the terms and
definitions section. Where it is explained (sec 5.4) the explanation is
consistent with HTTP practice. But I think it would help a lot if besides
saying that the effect of doing the operation repeatedly, it was stated
that the effect is that message replay doesn't have effect.

Since it isn't defined in RFC 7252 terms and definitions, it needs an entry
in this draft and there should probably be an erratum on RFC 7252 so that it
can be fixed on the next rev.

It would be useful to point that out in the security considerations section
as well.
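
The replay reading of "idempotent" discussed in the review, as an added example that is not part of the original message or of the draft: an update that sets members to values leaves the resource unchanged when the same message is delivered twice, while an update expressed relative to the current state does not. The function names, the resource and both messages are constructed for illustration.

```python
import copy

def merge_patch(target, patch):
    """Idempotent update: each member is set to a value (None deletes it)."""
    if not isinstance(patch, dict):
        return copy.deepcopy(patch)
    result = copy.deepcopy(target) if isinstance(target, dict) else {}
    for key, value in patch.items():
        if value is None:
            result.pop(key, None)
        else:
            result[key] = merge_patch(result.get(key), value)
    return result

def relative_patch(target, patch):
    """Non-idempotent update: numbers are added, list items are appended."""
    result = copy.deepcopy(target)
    for key, value in patch.items():
        if isinstance(value, list):
            result.setdefault(key, []).extend(value)
        else:
            result[key] = result.get(key, 0) + value
    return result

def deliver(state, apply, message, copies):
    """Apply the same message `copies` times, as a retransmission or replay would."""
    for _ in range(copies):
        state = apply(state, message)
    return state

def replay_changes_state(state, apply, message):
    """True if a second delivery of the message alters the resource again."""
    return deliver(state, apply, message, 1) != deliver(state, apply, message, 2)

# Constructed sample resource and messages (not taken from the draft).
RESOURCE = {"setpoint": 20, "log": ["boot"], "mode": {"eco": True, "debug": True}}
SET_MSG = {"setpoint": 22, "mode": {"debug": None}}
RELATIVE_MSG = {"setpoint": 2, "log": ["raised"]}

if __name__ == "__main__":
    print(replay_changes_state(RESOURCE, merge_patch, SET_MSG))
    print(replay_changes_state(RESOURCE, relative_patch, RELATIVE_MSG))
```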