[secdir] SecDir review of draft-ietf-sidr-adverse-actions-03

"Brian Weis (bew)" <bew@cisco.com> Wed, 04 January 2017 17:37 UTC

To: secdir <secdir@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-sidr-adverse-actions.all@tools.ietf.org" <draft-ietf-sidr-adverse-actions.all@tools.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Ro20P04lGSg2-nldZmzZL1TLY94>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

As stated in the Abstract, this document analyzes actions by or against a CA or independent repository manager in the RPKI that can adversely affect the Internet Number Resources (INRs) associated with that CA or its subordinate CAs. Put another way, it documents threats to the RPKI/BGPSEC PKI, in which there are unique threats to the PKI that can adversely affect Internet routing. The document is well written and internally consistent. The Security Considerations section is adequate.

I consider this draft Ready to publish, but here are a couple of discretionary comments for the authors.

1. The end of section 2 says “Note that not all adverse actions may be addressed by this taxonomy.” The phrase “addressed by” confused me a little bit, as it implies some recommendation or remediation — which this document does not attempt to do. This might be more clearly worded as “described by” or “included in”.

2. In section 2.1, A-1.2 (Suppression), it seems that suppression could result in the CA certificate intended to be replaced expiring before an intended CA rollover operation happens due to the suppressed replacement certificate. Perhaps it is not noted because this threat is not specific to RPKI/BGPSEC, but it could be another serious suppression affecting Internet routing.