Archive

Re: [secdir] Review of draft-ietf-repute-query-http-09

Shawn M Emery <shawn.emery@oracle.com> Sun, 25 August 2013 04:56 UTC

Message-ID: <52198E83.7050406@oracle.com>
Date: Sat, 24 Aug 2013 22:56:35 -0600
From: Shawn M Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: dcrocker@bbiw.net
References: <51CAA254.6040303@oracle.com> <52158CF5.4050001@oracle.com> <521591FA.20601@dcrocker.net>
In-Reply-To: <521591FA.20601@dcrocker.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-repute-query-http.all@tools.ietf.org, Dave Crocker <dhc@dcrocker.net>, secdir@ietf.org
Subject: Re: [secdir] Review of draft-ietf-repute-query-http-09
Precedence: list

On 08/21/13 10:22 PM, Dave Crocker wrote:
> On 8/21/2013 9:00 PM, Shawn M Emery wrote:
>> However, none of the
>> referenced RFCs and draft directly talk about the various attacks and
>> how to mitigate against said attacks.
>
>
> Shawn, some clarification please:
>
>    This is a simple query protocol, ableit yes one where the data is
> making trust assertions.
>
>    A possible implication of your above comment is that all IETF
> protocols should carry a threat analysis.  Have I misunderstood?

Hi Dave,

Sorry for not being specific.  I will try to clarify my concerns:

This draft references the reputation considerations draft when providing 
or using reputation services, I assume in a security context given that 
it is referenced in the security considerations section.  When I looked 
at the referenced draft's security considerations section it stated that 
there are threats discussed in the operation text above.  I think that 
these types of discussions deserve a separate section.  If the topic is 
mostly security it would be helpful to have a summary of the various 
threats and how to mitigate.  In any case, when looking through the 
entire draft I do see some suggestions for clients and their RSPs.

Shawn.
--

[secdir] Review of draft-ietf-mpls-tp-identifie... Shawn Emery
[secdir] Review of draft-ietf-sidr-ghostbusters-14 Shawn Emery
[secdir] Review of draft-ietf-rtgwg-lfa-applica... Shawn Emery
Re: [secdir] Review of draft-ietf-rtgwg-lfa-app... Stewart Bryant
[secdir] Review of draft-ietf-manet-smf-13 Shawn Emery
Re: [secdir] Review of draft-ietf-manet-smf-13 Joe Macker
[secdir] Review of draft-ietf-conex-concepts-us... Shawn Emery
[secdir] Review of draft-melnikov-smtp-priority... Shawn Emery
Re: [secdir] Review of draft-melnikov-smtp-prio... Alexey Melnikov
[secdir] Review of draft-ietf-dnsop-rfc4641bis-12 Shawn Emery
Re: [secdir] Review of draft-ietf-dnsop-rfc4641... Matthijs Mekking
Re: [secdir] Review of draft-ietf-dnsop-rfc4641... Shawn Emery
[secdir] Review of draft-ietf-karp-ospf-analysi... Shawn Emery
[secdir] Review of draft-ietf-oauth-assertions-09 Shawn Emery
Re: [secdir] Review of draft-ietf-oauth-asserti... Shawn Emery
[secdir] Review of draft-ietf-dhc-dhcpv6-client... Shawn Emery
Re: [secdir] Review of draft-ietf-dhc-dhcpv6-cl... Gaurav Halwasia (ghalwasi)
[secdir] Review of draft-ietf-netmod-interfaces... Shawn Emery
Re: [secdir] Review of draft-ietf-netmod-interf... Martin Bjorklund
Re: [secdir] Review of draft-ietf-netmod-interf... Benoit Claise
Re: [secdir] Review of draft-ietf-netmod-interf... Shawn Emery
[secdir] Review of draft-ietf-xrblock-rtcp-xr-j... Shawn M Emery
Re: [secdir] Review of draft-ietf-xrblock-rtcp-... Qin Wu
Re: [secdir] Review of draft-ietf-xrblock-rtcp-... Gonzalo Camarillo
Re: [secdir] Review of draft-ietf-xrblock-rtcp-... Donald Eastlake
Re: [secdir] Review of draft-ietf-xrblock-rtcp-... Gonzalo Camarillo
[secdir] Review of draft-ietf-repute-query-http-09 Shawn M Emery
Re: [secdir] Review of draft-ietf-repute-query-... Shawn M Emery
Re: [secdir] Review of draft-ietf-repute-query-... Uri Blumenthal
Re: [secdir] Review of draft-ietf-repute-query-... Dave Crocker
Re: [secdir] Review of draft-ietf-repute-query-... Murray S. Kucherawy
Re: [secdir] Review of draft-ietf-repute-query-... Shawn M Emery
[secdir] Review of draft-ietf-tictoc-security-r... Shawn M Emery
Re: [secdir] Review of draft-ietf-tictoc-securi... Tal Mizrahi
[secdir] Review of draft-ietf-cdni-requirements-13 Shawn M Emery
Re: [secdir] Review of draft-ietf-cdni-requirem... Kent Leung (kleung)
[secdir] Review of draft-ietf-isis-rfc6326bis-01 Shawn M Emery
[secdir] Review of draft-ietf-tcpm-fastopen-08 Shawn M Emery
Re: [secdir] Review of draft-ietf-tcpm-fastopen-08 Scharf, Michael (Michael)
[secdir] Review of draft-ietf-hip-rfc5202-bis-05 Shawn M Emery