Re: [secdir] SECDIR Review of draft-ietf-hip-dex-11

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 21 January 2020 08:50 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Donald Eastlake <d3e3e3@gmail.com>, "draft-ietf-hip-dex.all@ietf.org" <draft-ietf-hip-dex.all@ietf.org>
CC: secdir <secdir@ietf.org>
Date: Tue, 21 Jan 2020 08:49:51 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/PxxrFN2cWZNb_xdOcjplWeD9f14>

Thank you Donald for your review, it is very much appreciated.

I will let the authors reply about the review.

Regards


-éric

On 21/01/2020, 05:19, "iesg on behalf of Donald Eastlake" <iesg-bounces@ietf.org on behalf of d3e3e3@gmail.com> wrote:

    I have reviewed this document as (a very late) part of the security
    directorate's ongoing effort to review all IETF documents being
    processed by the IESG.
    
    The summary of the review is Ready with Nits.
    
    Sorry to get this review in so late but, while approved by the IESG,
    the draft is still in revised draft needed state so this may do some
    good. On the security front, although the draft is pretty complex and
    I am not that familiar with HIP, I did not see any significant
    security issues that were not already called out in the draft. So I
    concentrated on possible editorial issues.
    
    Editorial:
    
    Section 1.1, 3rd paragraph, page 5. Delete "However," at the beginning
    of the 2nd sentence. It doesn't make sense.
    
    Section 2.3, Definitions should be in alphabetic order.
    
    Section 2.3: It seems to me that people who are puzzled about what
    something means are most likely to be puzzled by the acronym. So I
    would put the acronym first, where there is an acronym or acronym-like
    term to use, then the expansion in parenthesis or in the body of the
    definition. This is done for a couple of entries like CMAC and CKDF but
    most are the other way.
    
    Section 3 last paragraph and Section 12.10 5th bullet: "to use" -> "use of"
    
    I think OGA and KEYMAT should be in the Definitions list and KEYMAT,
    which I assume just is short for "keying material", should be expanded
    on first use in Section 6.3. Alternatively, you could just replace all
    occurrences of KEYMAT with "Keying Material".
    
    Section 5.3.2, page 23. The first sentence of the first paragraph
    starting on that page has problems. Maybe "chose" should be "choses"
    but I'm not sure:
      "The DH_GROUP_LIST parameter contains the Responder's order of
       preference based on which the Responder chose the ECDH key contained
       in the HOST_ID parameter (see below)."
    
    Appendix A, first sentence, "allows to identify" -> "allows identifying"
    
    Appendix B, "IEDG" -> "IESG"
    
    Appendix B, around the middle of page 51, right after the line
    beginning with "Section 6," there are three lines with a blank line
    before and after. I found this confusing at first. I suggest those
    three lines also be indented.
    
    Appendix B, page 52, "SHOUDS" -> "SHOUDs"
    
    Thanks,
    Donald
    ===============================
     Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
     2386 Panoramic Circle, Apopka, FL 32703 USA
     d3e3e3@gmail.com