[secdir] SecDir Review of draft-ietf-eppext-reg-08

Yoav Nir <ynir.ietf@gmail.com> Mon, 22 September 2014 10:36 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id D129D1A1A96; Mon, 22 Sep 2014 03:36:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.701
X-Spam-Status: No, score=0.701 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id nzrm1ABMtaWJ; Mon, 22 Sep 2014 03:36:30 -0700 (PDT)
Received: from mail-we0-x22c.google.com (mail-we0-x22c.google.com [IPv6:2a00:1450:400c:c03::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 710071A19F5; Mon, 22 Sep 2014 03:36:29 -0700 (PDT)
Received: by mail-we0-f172.google.com with SMTP id p10so2232500wes.31 for <multiple recipients>; Mon, 22 Sep 2014 03:36:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:subject:message-id:date:to:mime-version; bh=LUq10DQVLAOYU14S6k/0IscwuhY2F37nctQ3P/PWCtE=; b=AECBuANgUgblPoa7c+YVQC9SovyJfY+Nq0FQpoYw3q5CN+y8KT8ckGFfrDIcPg452B 3wdNaCNNo+u57RjyvowxFTBl71qyN8C66ysqUCniA0JISM0OfwobdvaCNvG497/x7+ye rMn7lzidtbpYQubR9npBCcpC2H4yPD+pGWd9yGgwPqsRHT/rzLRV5iSajFf+k7yVUnjo bEcwYbZ1LP+z7zvP1r7rs6nRR/O98Gt2Bv2TxRdsdBWF45v/VVsi+EEetyyHHtRizV7t u1iaoHnZLRI2PxXu33dPWQnBxdmSW845VxzXdMm8bqc1zHoncHCvbixLBcgyRitXyXmw Gj2g==
X-Received: by with SMTP id n10mr14669161wic.50.1411382186993; Mon, 22 Sep 2014 03:36:26 -0700 (PDT)
Received: from [] (dyn32-131.checkpoint.com. []) by mx.google.com with ESMTPSA id cj7sm11819036wjc.37.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 22 Sep 2014 03:36:26 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_CFDE267B-7E90-40ED-A8F4-968B1E13B22C"
Message-Id: <9C5040B7-CCA9-49AA-AEC7-9AC26CE263D7@gmail.com>
Date: Mon, 22 Sep 2014 13:36:23 +0300
To: "<secdir@ietf.org>" <secdir@ietf.org>, IESG <iesg@ietf.org>, draft-ietf-eppext-reg.all@tools.ietf.org
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/MWz8186x5YqIOzpa5saS34nvm6I
Subject: [secdir] SecDir Review of draft-ietf-eppext-reg-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Sep 2014 10:36:32 -0000


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

TL;DR: The document is ready. 

The document specifies no new protocol. EPP is already specified in RFC 5730, and extending EPP is already specified in RFC 3735. This document only specifies the IANA registry for such extensions. Most of the document is about criteria for considerations by the designated expert, and there's a 3-page IANA considerations section (includes lots of examples).

Some elements that seemed strange to me. I’m not trying to second-guess the working group that produced this, as I’ve never participated in it, but I am pointing these things out:
The registry policy is "specification required", which seems OK, and the document points out correctly that this policy implies expert review. I’m used to multiple registries with a single expert (such as in IPsec), so I was surprised to see the requirements in section 2.1.1:
   The IESG should appoint a small pool of individuals (perhaps 3 - 5)
   to serve as designated experts as described in Section 3.2 of RFC
   5226.  The pool should have a single administrative chair who is
   appointed by the IESG.  The designated experts should use the
   existing eppext mailing list (eppext@ietf.org) for public discussion
   of registration requests.  This implies that the mailing list should
   remain open after the work of the EPPEXT working group has concluded.
I guess the number of experts relates to the amount of work to be done, so it depends on the per-document requirements in RFC 3735 and on the amount of documents that arrive in a unit of time. 

NIT: Section 2.1 says, "An English language version of the extension specification will appear in the registry”. The intent, I guess, is that the English-language version is referenced from the registry.

Section 2.2.1 specifies the format for the registration form, which includes an email address, I’m guessing that it’s used as a contact address. For standards-track documents the email address should be iesg@ietf.org. I don’t know if that’s a good idea. Probably best to leave either the editor’s address or the eppext working group.

Section 2.2.3 has some requirements for IANA, so it should be reviewed by IANA. I think it needs a pointer from the IANA considerations section, which is what they review.

The document just sets up an IANA registry. As such, security considerations should probably be no different than any other interaction with IANA. The security considerations describes a possible spoofing attack on the submission process, which is done via email. This seems very unspecific to this document. What's more, I'm not sure I understand why this document requires that submissions be done through email. If IANA decides that they're opening a facebook page, and registration requests should from here on be posted to their "wall", do we need to rev this document?

This document makes no reference to the security of the extensions themselves. Extensions that break the security assumptions of base protocols are a real issue. This is covered to some extent in RFC 3735, but I would have liked the document to specifically mention that this is part of the job of the expert reviewer. Specifically, where section 2.1.1 says:

    Extensions should be evaluated for architectural soundness using the
   guidelines described in RFC 3735 [RFC3735].
I think it would be better to add at the end there ", including the Security Considerations section of that document.”

   Extensions should be evaluated for architectural soundness using the
   guidelines described in RFC 3735 [RFC3735], including the Security 
   Considerations section of that document.