IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-netconf-zerotouch-22

David Mandelberg <david+work@mandelberg.org> Sat, 25 August 2018 22:22 UTC

Return-Path: <david+work@mandelberg.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B768B130E44 for <secdir@ietfa.amsl.com>; Sat, 25 Aug 2018 15:22:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RFc8eg5czvWs for <secdir@ietfa.amsl.com>; Sat, 25 Aug 2018 15:22:21 -0700 (PDT)
Received: from smtp.rcn.com (smtp.rcn.com [69.168.97.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEFAE130EE8 for <secdir@ietf.org>; Sat, 25 Aug 2018 15:22:20 -0700 (PDT)
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.2 cv=d6a38lrE c=1 sm=1 tr=0 a=OXtaa+9CFT7WVSERtyqzJw==:117 a=OXtaa+9CFT7WVSERtyqzJw==:17 a=KGjhK52YXX0A:10 a=IkcTkHD0fZMA:10 a=NTnny0joGdQA:10 a=dapMudl6Dx4A:10 a=bmmO2AaSJ7QA:10 a=BTUBnpS-AAAA:8 a=JB6XG_uElUq02r_l0aEA:9 a=QEXdDO2ut3YA:10 a=pblkFgjdBCuYZ9-HdJ6i:22
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
X-Authed-Username: ZHNlb21uQHJjbi5jb20=
Authentication-Results: smtp01.rcn.cmh.synacor.com smtp.mail=david+work@mandelberg.org; spf=neutral; sender-id=neutral
Authentication-Results: smtp01.rcn.cmh.synacor.com header.from=david+work@mandelberg.org; sender-id=neutral
Authentication-Results: smtp01.rcn.cmh.synacor.com smtp.user=dseomn@rcn.com; auth=pass (LOGIN)
Received-SPF: neutral (smtp01.rcn.cmh.synacor.com: 209.6.43.168 is neither permitted nor denied by domain of mandelberg.org)
Received: from [209.6.43.168] ([209.6.43.168:33684] helo=uriel.mandelberg.org) by smtp.rcn.com (envelope-from <david+work@mandelberg.org>) (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTPSA (cipher=DHE-RSA-AES256-GCM-SHA384) id 88/04-26904-B96D18B5; Sat, 25 Aug 2018 18:22:19 -0400
Received: from [192.168.1.152] (DD-WRT [192.168.1.1]) by uriel.mandelberg.org (Postfix) with ESMTPSA id 3E79A1C6093; Sat, 25 Aug 2018 18:22:18 -0400 (EDT)
To: Kent Watsen <kwatsen@juniper.net>, "draft-ietf-netconf-zerotouch.all@ietf.org" <draft-ietf-netconf-zerotouch.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
References: <361393b0-6666-08ff-bdf4-3ba3bf4323c7@mandelberg.org> <47EEE9B6-5BC2-4A1F-ABB2-2ACB1C494545@juniper.net> <4579f9bf-0ead-a6af-dc80-a841527414eb@mandelberg.org> <51E98D22-1DBF-4069-A750-90987EB96B0D@juniper.net> <bfeb8564-9390-c241-4585-2340de1345d2@mandelberg.org> <F0355112-AD44-49F3-9862-CC939AC768B7@juniper.net> <b661ba01-cf1f-adef-54bf-e1fe4366ab0c@mandelberg.org> <A2A6287D-8FF3-4AAF-9B9D-EC15F740FBA5@juniper.net>
From: David Mandelberg <david+work@mandelberg.org>
Message-ID: <f7cd58cb-501e-2398-07d9-8c4e50b97dae@mandelberg.org>
Date: Sat, 25 Aug 2018 18:22:15 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <A2A6287D-8FF3-4AAF-9B9D-EC15F740FBA5@juniper.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/N8e3rEQx5PRXHWg40oMRyKUk1Tk>
Subject: Re: [secdir] secdir review of draft-ietf-netconf-zerotouch-22
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Aug 2018 22:22:23 -0000

Hi,

Sorry for the late reply, I've been busy with the new job I just started at.

On 08/20/2018 10:41 AM, Kent Watsen wrote:
>>>      For unsigned data provided by a trusted source of bootstrapping data,
>>>      the availability of the data is the only measure of it being current.
>>>      Since the untrusted data comes from a trusted source, its current
>>>      availability is meaningful.
>>
>> (nit) The only trusted sources of bootstrapping data are TLS servers,
>> right? I think this paragraph would be a bit stronger if you explicitly
>> mentioned that TLS's integrity guarantee and replay protection are what
>> you're relying on here.
> 
> Now the paragraph says:
> 
>     For unsigned data provided by a trusted source of bootstrapping data
>     (i.e., a bootstrap server), the availability of the data is the only
>     measure of it being current.  Since the untrusted data comes from a
>     trusted source, its current availability is meaningful and, since
>     bootstrap servers use TLS, the contents of the exchange cannot be
>     modified or replayed.
> 
> Okay?

Looks good.

-- 
https://david.mandelberg.org/

v2.23.0 | Report a Bug | By Email