[secdir] secdir review of draft-ietf-lmap-information-model-17
Leif Johansson <leifj@sunet.se> Thu, 09 March 2017 16:06 UTC
Return-Path: <leifj@sunet.se>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00E1F12948B for <secdir@ietfa.amsl.com>; Thu, 9 Mar 2017 08:06:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sunet-se.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ALHuGkvfs4L3 for <secdir@ietfa.amsl.com>; Thu, 9 Mar 2017 08:06:03 -0800 (PST)
Received: from mail-wr0-x233.google.com (mail-wr0-x233.google.com [IPv6:2a00:1450:400c:c0c::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7AF6412949E for <secdir@ietf.org>; Thu, 9 Mar 2017 08:06:03 -0800 (PST)
Received: by mail-wr0-x233.google.com with SMTP id u108so48072309wrb.3 for <secdir@ietf.org>; Thu, 09 Mar 2017 08:06:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sunet-se.20150623.gappssmtp.com; s=20150623; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding; bh=Z+p7+8Fxle2M5LLn+Ro1h8bLCsCmwtdKTr+9qqQfGf4=; b=H+ZhuxnyMooVdkaK7j5puk/jj1PXhFpRQQgSadlHaep60QIjaz6dwJqKpY6PWB03tq O6fuVrsG+GFbBEnkukPj835tFzV3CL6w/GOHp1mdxsOwlJUXzDha5SYutQxxdAUcf4bT /7mUdYSmPi4pe6jTWpHP5d5J0BCf9xMVnvSv5liGqMSIekFCs3zlo6/lDaYQeuXjmfvz LcW3qnbNhWIV0Ackl6ALFDA4k/aHPJ189qJF/2AVqavSxEhImJA07OQ+roWxVYPDHWsT eK1Rnpz584Uy4t1Zg+ZTUEXDjPhsHFRS3vbPhSAcZaDbRF8mFj966i7bs2pLfBHtjXwp f5Sg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version:content-transfer-encoding; bh=Z+p7+8Fxle2M5LLn+Ro1h8bLCsCmwtdKTr+9qqQfGf4=; b=AFEJkofvWmsa3WIbRNSme6fIgcZISailDWAbUCRHoQAspcQICKn8wgx32tw1KdueLQ zUey4H7YyKxE4oxmY573AQMGTE22XT8CXlfrlqoMnqQRk3+2LOGMGC2suxFJGIrYvMHT nSi0Rf1vDlUpDabBNDkE619BuLwBaQd6IumM7LK9wVTYCmgr4hnE/desy5rlYlX/1e2/ u30GfXORgW3DzPHLHUbhwVxkFffemQurTdULKY9AncNoPpqPx2UnfFs3iMdLyZpfwXt1 RbeTMeDxRddVRXA16+toP0X2fFJBXM3yI6pBB1Nq1ObIiFJnw0dqdfjS+Mrn6R2DnqoY Pq9g==
X-Gm-Message-State: AMke39n+3xwUp5/oAVpmfIFOdzrJM+l72v2LWj+o2/85MU3R7U518sO3yVuoBphxLD++ng==
X-Received: by 10.223.166.5 with SMTP id k5mr10902795wrc.134.1489075561607; Thu, 09 Mar 2017 08:06:01 -0800 (PST)
Received: from [10.22.149.199] ([89.248.140.15]) by smtp.gmail.com with ESMTPSA id x69sm27839916wma.15.2017.03.09.08.06.00 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 09 Mar 2017 08:06:01 -0800 (PST)
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-lmap-information-model.all@ietf.org
From: Leif Johansson <leifj@sunet.se>
Message-ID: <f9524559-f516-eb58-f989-8c333daba9cf@sunet.se>
Date: Thu, 09 Mar 2017 17:06:00 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/MQyZnFK2UDTaEBQUU_G19pjkOBc>
Subject: [secdir] secdir review of draft-ietf-lmap-information-model-17
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Mar 2017 16:06:06 -0000
Reviewer: Leif Johansson Review result: Has issues I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Review: Section 3.8 begins "A Channel defines a bi-directional communication channel". First of all it is probably a good idea avoid using the term you're defining in the definition. Also in the text a Channel is described as a URL with the cert or CA of the endpoint but in the channel object definition there is only a reference to the credentials which I understood to be the client authn credential and not the server identity. This leads me to a larger issue (which may be answered in another LMAP document for all I know): what is the authentication model for LMAP? Specifically, does LMAP assume the standard Web PKI for channel end- points? If not, then you probably need to specify how to validate the server cert which may lead you to want to represent a private CA (say) in the channel object. In any case the authentication model should be referenced from the Security Considerations section and clearly match the information model for channels. Cheers Leif
- [secdir] secdir review of draft-ietf-lmap-informa… Leif Johansson
- Re: [secdir] secdir review of draft-ietf-lmap-inf… Juergen Schoenwaelder
- Re: [secdir] secdir review of draft-ietf-lmap-inf… Leif Johansson