Re: [secdir] review of draft-ietf-cdni-use-cases-08

Leif Johansson <leifj@sunet.se> Mon, 09 July 2012 08:07 UTC

Return-Path: <leifj@sunet.se>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A5DE21F8683; Mon, 9 Jul 2012 01:07:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.17
X-Spam-Level:
X-Spam-Status: No, score=-3.17 tagged_above=-999 required=5 tests=[AWL=-0.571, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ge0ZSpLHvnmL; Mon, 9 Jul 2012 01:07:06 -0700 (PDT)
Received: from backup-server.nordu.net (backup-server.nordu.net [IPv6:2001:948:4:1::66]) by ietfa.amsl.com (Postfix) with ESMTP id CFBA821F8668; Mon, 9 Jul 2012 01:07:05 -0700 (PDT)
Received: from [10.0.0.11] (ua-83-227-179-169.cust.bredbandsbolaget.se [83.227.179.169]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id q6987LD9005545 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 9 Jul 2012 10:07:25 +0200 (CEST)
Message-ID: <4FFA9138.8050204@sunet.se>
Date: Mon, 09 Jul 2012 10:07:20 +0200
From: Leif Johansson <leifj@sunet.se>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: "Francois Le Faucheur (flefauch)" <flefauch@cisco.com>
References: <4FF9E9B9.1040705@sunet.se> <3E4E0633-EDDD-42C0-8A22-1A8247671211@cisco.com>
In-Reply-To: <3E4E0633-EDDD-42C0-8A22-1A8247671211@cisco.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: The IESG <iesg@ietf.org>, "draft-ietf-cdni-use-cases.all@tools.ietf.org" <draft-ietf-cdni-use-cases.all@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] review of draft-ietf-cdni-use-cases-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 08:07:06 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/09/2012 10:05 AM, Francois Le Faucheur (flefauch) wrote:
> (speaking as WG co-chair)
> 
> Hi Leif & use-cases co-authors,
> 
> Thanks for your review.
> 
> Regarding : "The security considerations section refers the reader
> to the CDNI problem statement which is fine if all the security
> considerations from RFC3570 (which is obsoleted by this document)
> are carried over to the CDNI problem statement."
> 
> I would say that the fundamental security considerations brought up
> in RFC3570 are indeed covered by the Problem Statement. But
> arguably, there are one or two interesting specific declinations of
> these fundamental security considerations that are more explicitely
> spelt out in RFC3570 (eg "Delivery of Bad CONTENT"). My proposal
> would be that we catch all these "specific declinations" in our
> CDNI Framework document, since this is the target document for
> discussing specific declinations of system-level security issues
> (and each individual CDNI interface document will discuss its
> interface-specific considerations). Does that work? If yes, I'll
> drop a note to the CDNI Framework authors to make sure they
> exhaustively catch any specific declinations of security issues
> that was brought up in RFC3570 and is not yet discussed in the CDNI
> Framework.

Great
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/6kTgACgkQ8Jx8FtbMZnfPTgCcC+kI6kCmX0cvXaRHYX0wrpWf
WaAAn2l+rKNlcDsfls82ON1/P945Hv1j
=YxCr
-----END PGP SIGNATURE-----