Re: [secdir] Secdir review of draft-ietf-eman-requirements-10

Juergen Quittek <Quittek@neclab.eu> Tue, 29 January 2013 16:41 UTC

Return-Path: <Quittek@neclab.eu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BF0A21F8933; Tue, 29 Jan 2013 08:41:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.449
X-Spam-Level:
X-Spam-Status: No, score=-104.449 tagged_above=-999 required=5 tests=[AWL=-1.150, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p46vBa+1xMcQ; Tue, 29 Jan 2013 08:41:36 -0800 (PST)
Received: from mailer1.neclab.eu (mailer1.neclab.eu [195.37.70.40]) by ietfa.amsl.com (Postfix) with ESMTP id A8B4D21F892C; Tue, 29 Jan 2013 08:41:36 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mailer1.neclab.eu (Postfix) with ESMTP id 18AAC102F82; Tue, 29 Jan 2013 17:41:36 +0100 (CET)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (netlab.nec.de)
Received: from mailer1.neclab.eu ([127.0.0.1]) by localhost (atlas-a.office.hd [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s9RtOQRBM74Z; Tue, 29 Jan 2013 17:41:35 +0100 (CET)
Received: from ENCELADUS.office.hd (enceladus.office.hd [192.168.24.52]) by mailer1.neclab.eu (Postfix) with ESMTP id B68C8102F85; Tue, 29 Jan 2013 17:41:15 +0100 (CET)
Received: from DAPHNIS.office.hd ([169.254.2.175]) by ENCELADUS.office.hd ([192.168.24.52]) with mapi id 14.01.0323.003; Tue, 29 Jan 2013 17:40:46 +0100
From: Juergen Quittek <Quittek@neclab.eu>
To: =?iso-8859-1?Q?Magnus_Nystr=F6m?= <magnusn@gmail.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-eman-requirements@tools.ietf.org" <draft-ietf-eman-requirements@tools.ietf.org>
Thread-Topic: Secdir review of draft-ietf-eman-requirements-10
Thread-Index: AQHN94ylUZYZCHg9G0an9myQqW0GSphgjuWA
Date: Tue, 29 Jan 2013 16:40:46 +0000
Message-ID: <CD2DB835.6B138%quittek@neclab.eu>
In-Reply-To: <CADajj4Z6jQej-Q4jCHZ873wjX5M5-Z+sfCczXhn4aZgb8SkE=w@mail.gmail.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.14.0.111121
x-originating-ip: [10.7.0.92]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <7EF3404CFCEA7646B6625E72193B08C6@office.hd>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [secdir] Secdir review of draft-ietf-eman-requirements-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jan 2013 16:41:37 -0000

Hi Magnus,

Many thanks for the review.

As you suggested, I extended the paragraph in the Security
Considerations section:

OLD
   Monitoring energy-related quantities of an entity addressed in
   Sections 5 - 8 can be used to derive more information than just the
   received and provided energy, so monitored data requires privacy
   protection.  Monitored data may be used as input to control,
   accounting, and other actions, so integrity of transmitted
   information and authentication of the origin may be needed.

NEW
   Monitoring energy-related quantities of an entity addressed in
   Sections 5 - 8 can be used to derive more information than just the
   received and provided energy, so monitored data requires protection.
   This protection includes authentication and authorization of entities
   requesting access to monitored data as well as privacy protection
   during transmission of monitored data.  Monitored data may be used as
   input to control, accounting, and other actions, so integrity of
   transmitted information and authentication of the origin may be
   needed.


Does this look OK for you?

Thanks,
    Juergen


On 21.01.13 05:05, "Magnus Nyström" <magnusn@gmail.com> wrote:

>I have reviewed this document as part of the security directorate's
>ongoing effort to review all IETF documents being processed by the
>IESG.  These comments were written primarily for the benefit of the
>security area directors. Document editors and WG chairs should treat
>these comments just like any other last call comments.
>
>This standards-track document describes requirements on standards for
>managing power entities over networks.
> As stated in the Security Considerations section, controlling power
>state and power supply of networked energy entities are highly sensitive
>actions and thus authorization, privacy etc. may be required. Similarly,
>the date provided by those entities will often require integrity and
>sometimes authenticity. The document may gain by also making clear the
>potential need for the energy entities to identify, authenticate and
>authorize the entities requesting access to power data. I would suggest
>to add some text around this - because I assume some requirements on
>standards will be present for that.
>
>