Re: [secdir] SecDir review of draft-ietf-p2psip-service-discovery-14
Jouni Mäenpää <jouni.maenpaa@ericsson.com> Thu, 07 August 2014 12:33 UTC
Return-Path: <jouni.maenpaa@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2A2D1B278D; Thu, 7 Aug 2014 05:33:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.701
X-Spam-Level:
X-Spam-Status: No, score=-1.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_19=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L6xKZLw8Sduf; Thu, 7 Aug 2014 05:33:44 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C066E1B278A; Thu, 7 Aug 2014 05:33:43 -0700 (PDT)
X-AuditID: c1b4fb3a-f79da6d0000008c7-db-53e372252e8e
Received: from ESESSHC023.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 84.AB.02247.52273E35; Thu, 7 Aug 2014 14:33:41 +0200 (CEST)
Received: from ESESSMB305.ericsson.se ([169.254.5.45]) by ESESSHC023.ericsson.se ([153.88.183.87]) with mapi id 14.03.0174.001; Thu, 7 Aug 2014 14:33:41 +0200
From: Jouni Mäenpää <jouni.maenpaa@ericsson.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>, "draft-ietf-p2psip-service-discovery.all@tools.ietf.org" <draft-ietf-p2psip-service-discovery.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: SecDir review of draft-ietf-p2psip-service-discovery-14
Thread-Index: AQHPsiuMYv+juuCA2UmiRnXpK3H7mZvFEa+A
Date: Thu, 07 Aug 2014 12:33:40 +0000
Message-ID: <27112A697EB8204D9943EAB8A0E16B7110865DB6@ESESSMB305.ericsson.se>
References: <53E355FB.5000101@isode.com>
In-Reply-To: <53E355FB.5000101@isode.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.18]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrHLMWRmVeSWpSXmKPExsUyM+Jvja5q0eNgg+Xz1CxmrC6yuHZvNaPF jD8TmS0+LHzI4sDisWTJTyaPU82GHl8uf2YLYI7isklJzcksSy3St0vgyniz/RljwRaJimnH +lkbGHcLdzFyckgImEhcWbKHDcIWk7hwbz2QzcUhJHCUUeLU5gcsEM4iRom9a3YxglSxCbhL HL75kxUkISLwjlHi6eUeJpCEsICLxLt/01hBbBEBV4n/fZ3MXYwcQLaRxKNtnCBhFgEViZ5r G9lBbF4BX4lVkzpYQGwhAQ2JvpWLGUHKOQU0JbomaIGEGYEO+n5qDdh0ZgFxiVtP5jNBHCog sWTPeWYIW1Ti5eN/rBC2osTHV/sYIer1JG5MncIGYWtLLFv4mhliraDEyZlPWCYwis5CMnYW kpZZSFpmIWlZwMiyilG0OLW4ODfdyEgvtSgzubg4P08vL7VkEyMwgg5u+W21g/Hgc8dDjAIc jEo8vAlLHwULsSaWFVfmHmKU5mBREuddeG5esJBAemJJanZqakFqUXxRaU5q8SFGJg5OqQZG tYWzJbeHLiifWeraY/TwtMzuV3fmhpgGTivf6C6YsDLp/426nObtf648mXLgCPO2uomMbz58 eSB736Cv6JsFy+K95zia24463J9woUQgpHTH6qMex9b5q2peObHi42OhWxvWXzm84iDjkhKF qc/+XDuuqdWaut5sVX1Q1Bklloecl7Ssrl+qMFFiKc5INNRiLipOBADt8nFogQIAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/ObLwSDar_U9u_2-YRKTRMabR9vw
Subject: Re: [secdir] SecDir review of draft-ietf-p2psip-service-discovery-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Aug 2014 12:33:46 -0000
Hi, Thanks for the comments! Please find my answers inline below. Regards, Jouni > -----Original Message----- > From: Alexey Melnikov [mailto:alexey.melnikov@isode.com] > Sent: 7. elokuuta 2014 13:34 > To: draft-ietf-p2psip-service-discovery.all@tools.ietf.org; iesg@ietf.org; > secdir@ietf.org > Subject: SecDir review of draft-ietf-p2psip-service-discovery-14 > > Hi, > > I have reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security area > directors. Document editors and WG chairs should treat these comments just > like any other last call comments. > > I believe this document is "ready with issues." > > REsource LOcation and Discovery (RELOAD) does not define a generic service > discovery mechanism as a part of the base protocol. This document defines > how the Recursive Distributed Rendezvous (ReDiR) service discovery > mechanism used in OpenDHT can be applied to RELOAD overlays to provide a > generic service discovery mechanism. > > The Security Considerations section points to the Security Considerations > section of RFC 6940, which is quite extensive and relevant. > > The document also defines a new access control policy called NODE-ID-MATCH. > As only nodes that own service discovery information can update it, it looks like > there are no additional security issue raised beyond what is already covered in > RFC 6940. As the information is public, I can't think of any privacy concerns. > > While I was able to follow the document, I think it lacks attention to details > which are not obvious for somebody not following the technology. > Minor issues that should be easy to fix: > > On page 4: H(x) - missing reference to SHA-1. Any specific properties required > from H(x)? I will add a reference to SHA-1. The requirements are the same as in the RELOAD base specification (RFC 6940). > Namespace - missing reference to UTF-8. Ok, I'll add that reference as well. > On page 6: H() with multiple arguments is not defined, especially if they can > be both strings and integers (what byte order)? b' is not defined. Typo in the > description? I will clarify this in the next revision of the draft. H(namespace,level,j) refers to taking a hash over a concatenated string consisting of the namespace (string), level in the ReDiR tree (integer), and the node location j (integer). Related to byte order, would it be sufficient/correct to say that it is big-endian? And you are right, b' was not defined in the draft. It refers to the number of the interval within a given tree node at a given level in the ReDiR tree. > In 4.2 I read "the mode of those depths". Can you explain what this means? Or > is this a typo? Mode (statistics) refers to the value that appears most often in a set of data. I will add also this definition to the next revision of the draft.
- [secdir] SecDir review of draft-ietf-p2psip-servi… Alexey Melnikov
- Re: [secdir] SecDir review of draft-ietf-p2psip-s… Jouni Mäenpää
- Re: [secdir] SecDir review of draft-ietf-p2psip-s… Alexey Melnikov