[secdir] Secdir review of draft-ietf-savi-threat-scope-05

Vincent Roca <vincent.roca@inrialpes.fr> Mon, 23 May 2011 10:08 UTC

Return-Path: <vincent.roca@inrialpes.fr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13E25E06E6; Mon, 23 May 2011 03:08:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.249
X-Spam-Level:
X-Spam-Status: No, score=-10.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id olsH5fOKyrSK; Mon, 23 May 2011 03:08:39 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) by ietfa.amsl.com (Postfix) with ESMTP id A0E38E06A7; Mon, 23 May 2011 03:08:36 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.65,255,1304287200"; d="scan'208";a="83716137"
Received: from unknown (HELO [131.254.253.76]) ([131.254.253.76]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/AES128-SHA; 23 May 2011 12:08:35 +0200
From: Vincent Roca <vincent.roca@inrialpes.fr>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Mon, 23 May 2011 09:58:17 +0200
Message-Id: <AA34FD52-393F-472D-8417-AF0C17D7FC53@inrialpes.fr>
To: IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-savi-threat-scope.all@tools.ietf.org
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
Subject: [secdir] Secdir review of draft-ietf-savi-threat-scope-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 May 2011 10:08:41 -0000

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

The security section, though small, provides a good discussion of what
can or cannot be expected from the SAVI approach. I appreciate this
effort. 

A few comments:

** The second paragraph explains that identifying the host that
originated a packet is not the same as identifying the end user.
I agree. It seems to me that the goal of the third paragraph is to
further elaborate on the idea that identifying the end user is complex
(and sometimes meaningless). However this is not clearly stated. 


** It is said (last paragraph):
"...source addresses must not be used as an authentication mechanism."
I suggest using an uppercase "MUST NOT".


** It is said (last sentence):
  "The only technique to unquestionably verify source addresses of a
   received datagram are cryptographic authentication mechanisms such as
   IPsec."
Well, IPsec per se does not check the source address of a packet but
provides an authentication service of the remote IPsec entity (e.g. the
other IPsec tunnel endpoint). The packet integrity guarranty provided is
only limited to the path secured by IPsec and this path may not encompass
the effective packet sender.

Regards,

   Vincent