Re: [secdir] Secdir review of draft-altmann-tls-channel-bindings-10
Magnus Nyström <magnusn@gmail.com> Sun, 27 June 2010 17:31 UTC
To: secdir@ietf.org, iesg@ietf.org, draft-c1222-transport-over-ip.all@tools.ietf.org
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines a framework for transporting ANSI C12.22 advanced metering infrastructure (AMI) messages on IP networks. AMI is intended for interaction with various types of utility meters; as such, it is clear that security services such as data authenticity, integrity and confidentiality will be quite important.

This draft defers to ANSI C12.22 for application-layer security and states that any transport (or IP) network layer security functionality shall act "only to enhance and preserve [and] ... not be a substitute for ... ANSI C12.22 ... security provisions." This is all good but I have not had access to C12.22 for this review and so cannot comment further on it.

It seems to me, however, that the layering of C12.22 on top of IP networks may warrant a discussion about potential methods to enhance C12.22 security? For example, could privacy be enhanced beyond what C12.22 offers through use of a transport network's confidentiality services?

Other than this I have no particular comments on this draft; it reads good to me.

-- Magnus