Re: [secdir] Secdir last call review of draft-ietf-regext-rfc7483bis-04

"Hollenbeck, Scott" <shollenbeck@verisign.com> Mon, 01 February 2021 19:30 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "rsalz@akamai.com" <rsalz@akamai.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-regext-rfc7483bis.all@ietf.org" <draft-ietf-regext-rfc7483bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "regext@ietf.org" <regext@ietf.org>
Date: Mon, 01 Feb 2021 19:30:22 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/QzK0ScAuM1WhB9A5Ud5vUjYK3bA>

> -----Original Message-----
> From: Salz, Rich <rsalz@akamai.com>
> Sent: Monday, February 1, 2021 2:22 PM
> To: secdir@ietf.org
> Cc: draft-ietf-regext-rfc7483bis.all@ietf.org; last-call@ietf.org;
> regext@ietf.org
> Subject: [EXTERNAL] Re: [secdir] Secdir last call review of draft-ietf-regext-
> rfc7483bis-04
>
> Browser crashed.  Here's the real review.
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments
> just like any other last call comments.
>
> The summary of the review is ready with nits.
>
> I expected to see mention of HTTPS, as opposed to HTTP, in the protocol
> definition.  At a minimum
>       HTTPS MUST be used.
> In the security considerations.
>
> I wonder if using "451" status is worthwhile?   I can accept either answer.
>
> As this is a protocol transliteration, the references to other RFCs and security
> considerations seem on-target.

Thanks for the review, Rich. The security services for RDAP are described in RFC 7481, where it says, "HTTP over TLS MUST be used to protect all client-server exchanges unless operational constraints make it impossible to meet this requirement." I intend to submit a request to move 7481 from Proposed Standard status to Standard status shortly to keep these in synch.

Scott