Re: [secdir] Early SecDir Reviews

Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 24 August 2015 19:41 UTC

Message-ID: <55DB732C.4030703@gmx.net>
Date: Mon, 24 Aug 2015 21:40:28 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: Russ Housley <housley@vigilsec.com>, Susan Hares <shares@ndzh.com>
References: <32779ADA-75D3-4754-AFD2-DFFE7237D939@vigilsec.com> <00c201d0de98$25ac79c0$71056d40$@ndzh.com> <8FBE7974-F6D5-4A05-A078-E705A61D976B@vigilsec.com>
In-Reply-To: <8FBE7974-F6D5-4A05-A078-E705A61D976B@vigilsec.com>
OpenPGP: id=4D776BC9
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/Tf5OB_KVrY7B1dPUz-d20jeIUJc>
Cc: 'Kathleen Moriarty' <kathleen.moriarty.ietf@gmail.com>, draft-hares-i2rs-auth-trans.all@ietf.org, draft-mglt-i2rs-security-requirements.all@ietf.org, 'IETF SecDir' <secdir@ietf.org>
Subject: Re: [secdir] Early SecDir Reviews

Just a minor note to the draft authors: Identity is an overloaded term
and most likely you mean identifier. If you really believe you mean
identity then check it against the definition in RFC 6973.

On 08/24/2015 09:27 PM, Russ Housley wrote:
>>   o  SEC-REQ-08: Each Identity is associated with one secondary
>>      identity during a particular read/write sequence, but the
>>      secondary identity may vary during the time a connection between
>>      the I2RS client and I2RS agent is active.  The variance of the
>>      secondary identity allows the I2RS client to be associated with
>>      multiple applications and pass along an identifier for these
>>      applications in the secondary identifier.
> Yes, if that identity is going to be used to make the access control decision.
>
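A toy model of the SEC-REQ-08 wording quoted above, added here as an illustration; it is not code from the draft or from anyone in this thread. It assumes a hypothetical policy table keyed on the client's primary identity, that the primary identity is fixed once the connection is authenticated, and that each read/write sequence is bracketed by explicit begin/end calls. These are modelling assumptions, not I2RS protocol details. The access control decision is taken on the primary identity (the point of Russ's reply), while the secondary identifier is held constant within one sequence, allowed to change between sequences, and written to an audit record so the application on whose behalf a request was made can be traced afterwards.

```python
"""Toy model of I2RS SEC-REQ-08 (added example, not from the draft or thread).

A client authenticates once per connection under a primary identity. Each
read/write sequence carries exactly one secondary identifier (the application
the client is acting for); it may change between sequences but not within
one. Authorization is decided on the primary identity; the secondary
identifier is recorded for audit.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed policy: primary identity -> operations it may perform.
# The identity names are hypothetical, not values from the draft.
POLICY = {
    "client-alpha": {"read", "write"},
    "client-beta": {"read"},
}


class SequenceError(Exception):
    """Raised when a request violates the one-secondary-identifier-per-sequence rule."""


@dataclass
class Connection:
    primary_identity: str                      # fixed at connection setup
    current_secondary: Optional[str] = None    # secondary identifier of the open sequence
    in_sequence: bool = False
    audit_log: List[Tuple[str, str, str, bool]] = field(default_factory=list)

    def begin_sequence(self, secondary_identifier: str) -> None:
        """Open a read/write sequence bound to one secondary identifier."""
        if self.in_sequence:
            raise SequenceError("previous sequence still open")
        self.in_sequence = True
        self.current_secondary = secondary_identifier

    def end_sequence(self) -> None:
        """Close the sequence; the next one may use a different secondary identifier."""
        self.in_sequence = False
        self.current_secondary = None

    def request(self, op: str, secondary_identifier: str) -> bool:
        """Authorize one operation; returns True if allowed, False if denied."""
        if not self.in_sequence:
            raise SequenceError("no open read/write sequence")
        if secondary_identifier != self.current_secondary:
            # SEC-REQ-08: the secondary identifier must not vary within a sequence.
            raise SequenceError("secondary identifier changed within a sequence")
        # The decision is keyed on the authenticated primary identity only.
        allowed = op in POLICY.get(self.primary_identity, set())
        self.audit_log.append((self.primary_identity, secondary_identifier, op, allowed))
        return allowed


def run_scenario() -> Tuple[List[Tuple[str, str, str, bool]], bool]:
    """Exercise a read-only client across two sequences with different applications.

    Returns the audit log and whether an in-sequence identifier change was rejected.
    """
    conn = Connection(primary_identity="client-beta")
    conn.begin_sequence("app-1")
    conn.request("read", "app-1")     # allowed by policy
    conn.request("write", "app-1")    # denied: client-beta is read-only
    rejected = False
    try:
        conn.request("read", "app-2")  # identifier change mid-sequence
    except SequenceError:
        rejected = True
    conn.end_sequence()
    conn.begin_sequence("app-2")      # a new sequence may carry a new identifier
    conn.request("read", "app-2")
    return conn.audit_log, rejected


if __name__ == "__main__":
    log, rejected = run_scenario()
    for entry in log:
        print(entry)
    print("mid-sequence change rejected:", rejected)
```

The audit record keeps both identifiers side by side, so a reviewer can see which application a denied write was attempted for without the secondary identifier ever having influenced the decision itself.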