Re: [secdir] Secdir review of draft-altmann-tls-channel-bindings-10

Magnus Nyström <magnusn@gmail.com> Sun, 27 June 2010 17:31 UTC

Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7AB563A693B; Sun, 27 Jun 2010 10:31:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.301
X-Spam-Level:
X-Spam-Status: No, score=0.301 tagged_above=-999 required=5 tests=[BAYES_50=0.001, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5OHa0MdRbzNV; Sun, 27 Jun 2010 10:31:04 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by core3.amsl.com (Postfix) with ESMTP id DE44B3A6929; Sun, 27 Jun 2010 10:31:01 -0700 (PDT)
Received: by gyh4 with SMTP id 4so6050941gyh.31 for <multiple recipients>; Sun, 27 Jun 2010 10:31:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=j7edmXkX8io2RWmsIqruSY+Ti4HZC0ZAjNL/iC6YkSg=; b=FwVKmtR5GGkvKtSwZRFA1IFhjnooVyYfMaqXGDUPJQCw7k54ukMwKGFUjW5NWfEfXC 67/Rn+67N/jW31F5tOWIWZpQkrLvN3UlruSY1YiHSqmbbKrN4cVd2sQ5xBQWTu2xuqzN tQB5MEktyOFMIlqzveBLN0zAshh539CxV6/Ok=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=uWKDeY3vZG94iDU3NkPbIKnh5ZP1iQitLb+7piHqomC42+pYYF5uU0tsnRTo2AXnwQ PVLMuw2MMcofEfp/HEHI2UdCL7/jn+3LSwhhnOZOACuk/PqpjOZU33souz1qR/jNKo8P 0kumx6CGnVy9DKe6fWQKVn1o5OlgnaHmnlAPQ=
MIME-Version: 1.0
Received: by 10.100.110.10 with SMTP id i10mr754093anc.152.1277659868142; Sun, 27 Jun 2010 10:31:08 -0700 (PDT)
Received: by 10.100.124.16 with HTTP; Sun, 27 Jun 2010 10:31:08 -0700 (PDT)
In-Reply-To: <i2k2f57b9e61005042223k47193623m863c28b9136cce96@mail.gmail.com>
References: <i2k2f57b9e61005042223k47193623m863c28b9136cce96@mail.gmail.com>
Date: Sun, 27 Jun 2010 10:31:08 -0700
Message-ID: <AANLkTinnbdlAO5g5qwfEpOMT8Hi7AuDv0O3hRwaKEXXt@mail.gmail.com>
From: =?ISO-8859-1?Q?Magnus_Nystr=F6m?= <magnusn@gmail.com>
To: secdir@ietf.org, iesg@ietf.org, draft-c1222-transport-over-ip.all@tools.ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [secdir] Secdir review of draft-altmann-tls-channel-bindings-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Jun 2010 17:31:05 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document defines a framework for transporting ANSI C12.22
advanced metering infrastructure (AMI) messages on IP networks.

AMI is intended for interaction with various types of utility meters;
as such, it is clear that security services such as data authenticity,
integrity and confidentiality will be quite important.  This draft
defers to ANSI C12.22 for application-layer security and states that
any transport (or IP) network layer security security functionality
shall act "only to enhance and preserve [and] ... not be a substitute
for ... ANSI C12.22 ... security provisions." This is all good but I
have not had access to C12.22 for this review and so cannot comment
further on it. It seems to me, however, that the layering of C12.22
on top of IP networks may warrant a discussion about potential methods
to enhance C12.22 security? For example, could privacy be enhanced
beyond what C12.22 offers through use of a transport network's
confidentiality services?

Other than this I have no particular comments on this draft; it reads
good to me.
-- Magnus