[secdir] SecDir review of draft-ietf-p2psip-service-discovery-14
Alexey Melnikov <alexey.melnikov@isode.com> Thu, 07 August 2014 10:33 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E5731B27E5; Thu, 7 Aug 2014 03:33:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KeS49imd5Tzj; Thu, 7 Aug 2014 03:33:26 -0700 (PDT)
Received: from waldorf.isode.com (ext-bt.isode.com [217.34.220.158]) by ietfa.amsl.com (Postfix) with ESMTP id D56BC1A00EA; Thu, 7 Aug 2014 03:33:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1407407604; d=isode.com; s=selector; i=@isode.com; bh=lsQabdr7+Ydvx5jXUplLXCKvb0G7AXHJJ1bzLqC6sQI=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=rHRSDC2s3G3yyCQ7/V8FvHotWwwkKcIJdVxmZCADbeSn+FVPqmd5ArSyeIKa+VXh/bhKig hfSBBUOpGkSS5/WdZ2Eq4VC5tIQDCQOMpp3U3YdZyrpuySidWxPW35UtqJZTpsnWQf3PSt hW+uoQ4pWKfWcJ0btY+rPbo8/vaECqY=;
Received: from [192.168.0.4] (cpc5-nmal20-2-0-cust24.19-2.cable.virginm.net [92.234.84.25]) by waldorf.isode.com (submission channel) via TCP with ESMTPA id <U-NV8wAvQ7lO@waldorf.isode.com>; Thu, 7 Aug 2014 11:33:24 +0100
Message-ID: <53E355FB.5000101@isode.com>
Date: Thu, 07 Aug 2014 11:33:31 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
To: draft-ietf-p2psip-service-discovery.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/SAixIKwWdv-4LVYBuFYZ1d49fSA
Subject: [secdir] SecDir review of draft-ietf-p2psip-service-discovery-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Aug 2014 10:33:27 -0000
Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. I believe this document is "ready with issues." REsource LOcation and Discovery (RELOAD) does not define a generic service discovery mechanism as a part of the base protocol. This document defines how the Recursive Distributed Rendezvous (ReDiR) service discovery mechanism used in OpenDHT can be applied to RELOAD overlays to provide a generic service discovery mechanism. The Security Considerations section points to the Security Considerations section of RFC 6940, which is quite extensive and relevant. The document also defines a new access control policy called NODE-ID-MATCH. As only nodes that own service discovery information can update it, it looks like there are no additional security issue raised beyond what is already covered in RFC 6940. As the information is public, I can't think of any privacy concerns. While I was able to follow the document, I think it lacks attention to details which are not obvious for somebody not following the technology. Minor issues that should be easy to fix: On page 4: H(x) - missing reference to SHA-1. Any specific properties required from H(x)? Namespace - missing reference to UTF-8. On page 6: H() with multiple arguments is not defined, especially if they can be both strings and integers (what byte order)? b' is not defined. Typo in the description? In 4.2 I read "the mode of those depths". Can you explain what this means? Or is this a typo?
- [secdir] SecDir review of draft-ietf-p2psip-servi… Alexey Melnikov
- Re: [secdir] SecDir review of draft-ietf-p2psip-s… Jouni Mäenpää
- Re: [secdir] SecDir review of draft-ietf-p2psip-s… Alexey Melnikov