Re: [secdir] Secdir last call review of draft-ietf-6lo-use-cases-12

Yong-Geun Hong <yonggeun.hong@gmail.com> Tue, 12 July 2022 01:16 UTC

References: <164919269800.5647.13515861264060312018@ietfa.amsl.com> <f79d9aba-618c-5d08-8a4e-744616097e6c@nostrum.com>
In-Reply-To: <f79d9aba-618c-5d08-8a4e-744616097e6c@nostrum.com>
From: Yong-Geun Hong <yonggeun.hong@gmail.com>
Date: Tue, 12 Jul 2022 10:16:21 +0900
Message-ID: <CACt2foGiTNma93=_uxwPfBHJOjJ4P9RcYTThZBbX=NCkOAfHXQ@mail.gmail.com>
To: Robert Sparks <rjsparks@nostrum.com>
Cc: secdir@ietf.org, last-call@ietf.org, draft-ietf-6lo-use-cases.all@ietf.org, lo <6lo@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/L4zQ2ZNU0LwrHMUh_WkI7AbKGuw>
Subject: Re: [secdir] Secdir last call review of draft-ietf-6lo-use-cases-12

Dear Robert Sparks.

First, thanks for your valuable review and comments on the 6lo use cases
draft.
Second, sorry for the late reply. I have acknowledged your email but due to
other business, I lost the chance to reply immediately.

During the update of this draft, I tried to resolve your comments in the
revision.
The following are my responses to your comments.

1. Update the section of Security Considerations
   As you mentioned, it seems that the use cases draft does not have a
   close relation with security issues, but it has several parts which are
   related to security issues in the main body.
   As you recommended, I added the summary texts in the section of Security
   Considerations.

2. Handling of Appendix A
   In old versions of this draft, the content in Appendix A was located in
   the main body. While progressing this draft and resolving the comments, it
   was moved to Appendix A.
   At IETF 114, I would ask for directions and decide how to proceed.

3. Misuse of technology description and marketing words
   As you pointed out, the draft has some parts which are recognized as
   marketing words. Because we invited some experts who are involved in the
   specific area, some marketing words could be included.
   I tried to change the marketing words to technology words in the revision.

You can find the revised version of this draft here:
https://datatracker.ietf.org/doc/draft-ietf-6lo-use-cases

Once again, thanks for your review and comments.

Best regards.

Yong-Geun.

On Wed, Apr 6, 2022 at 6:09 AM, Robert Sparks <rjsparks@nostrum.com> wrote:

> Apologies, there's an edit-buffer glitch below, corrected in what's
> uploaded at
>
> https://datatracker.ietf.org/doc/review-ietf-6lo-use-cases-12-secdir-lc-sparks-2022-04-05/
> .
>
> On 4/5/22 4:04 PM, Robert Sparks via Datatracker wrote:
> > Reviewer: Robert Sparks
> > Review result: Has Issues
> >
> > I have reviewed this document as part of the security directorate's ongoing
> > effort to review all IETF documents being processed by the IESG. These comments
> > were written primarily for the benefit of the security area directors. Document
> > editors and WG chairs should treat these comments just like any other last call
> > comments.
> >
> > This document has issues to address before publication as an Informational RFC
> >
> > Issues:
> >
> > From the abstract: "The document targets an audience who would like to
> > understand and evaluate running end-to-end IPv6 over the constrained node
> > networks for local or Internet connectivity."
> >
> > Its security considerations section claims "Security considerations are not
> > directly applicable to this document". Yet the text of the draft has several
> > places that rightly call out things like "there exist implications for privacy",
> > "privacy also becomes a serious issue", and "the assumption is that L2 security
> > must be present." A summary of these things in the security considerations
> > section seems prudent. At _least_ call out again the assumption about L2
> > security.
> >
> > The "Security Requirement"A summary of these things in the security
> > considerations section seems prudent. At _least_ call out again the assumption
> > about L2 security.
> >
> > The "Security Requirement" row in Table 2 is not well explained. The values in
> > that row are explained at all. (For instance, the word "Partially" appears
> > exactly once in the document - it is unclear what it means).
> >
> > Nits/Comments:
> >
> > Appendix A is neither introduced nor referenced from the body of the document.
> > Why is it here?
> >
> > I'm a little concerned about some of the technology descriptions possibly
> > moving beyond simple facts into interpretation or even marketing. The last
> > paragraph of section 2.5 is a particularly strong example. Look for phrases
> > section 4 that include "targets" or "targeted by" and make sure that's what the
> > organizations ins that define those technologies say (consider references).
> >
> > At 'superior "range"', why is range in quotes? Think about restructuring the
> > sentences that use 'superior' to avoid the connotation of "better than". All
> > this document really needs to acknowledge is "goes further".