Re: [secdir] secdir review of draft-ietf-intarea-nat-reveal-analysis-05

Suresh Krishnan <suresh.krishnan@ericsson.com> Fri, 08 March 2013 06:21 UTC

Return-Path: <secdir-bounces@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72C4321F86B6 for <secdir@ietfa.amsl.com>; Thu, 7 Mar 2013 22:21:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.079
X-Spam-Level:
X-Spam-Status: No, score=-104.079 tagged_above=-999 required=5 tests=[AWL=2.520, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EZe2YQ1Gygcr for <secdir@ietfa.amsl.com>; Thu, 7 Mar 2013 22:21:00 -0800 (PST)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by ietfa.amsl.com (Postfix) with ESMTP id B997421F86A1 for <secdir@ietf.org>; Thu, 7 Mar 2013 22:21:00 -0800 (PST)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id r286KxHd002418 for <secdir@ietf.org>; Fri, 8 Mar 2013 01:20:59 -0500
Received: from mailhub-dmz-4.mit.edu (MAILHUB-DMZ-4.MIT.EDU [18.7.62.38]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id r286Kt6X002415 for <secdir@PCH.mit.edu>; Fri, 8 Mar 2013 01:20:55 -0500
Received: from dmz-mailsec-scanner-6.mit.edu (DMZ-MAILSEC-SCANNER-6.MIT.EDU [18.7.68.35]) by mailhub-dmz-4.mit.edu (8.13.8/8.9.2) with ESMTP id r286KlNo015720 for <secdir@mit.edu>; Fri, 8 Mar 2013 01:20:55 -0500
Authentication-Results: symauth.service.identifier
Received: from usevmg20.ericsson.net (usevmg20.ericsson.net [198.24.6.45]) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id 28.16.32259.64389315; Fri, 8 Mar 2013 01:20:55 -0500 (EST)
X-AuditID: 12074423-b7f5b6d000007e03-01-513983467512
Received: from EUSAAHC002.ericsson.se (Unknown_Domain [147.117.188.78]) by usevmg20.ericsson.net (Symantec Mail Security) with SMTP id 6E.4F.02430.54389315; Fri, 8 Mar 2013 07:20:54 +0100 (CET)
Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC002.ericsson.se ([147.117.188.78]) with mapi id 14.02.0318.004; Fri, 8 Mar 2013 01:20:53 -0500
From: Suresh Krishnan <suresh.krishnan@ericsson.com>
To: "Scott G. Kelly" <scott@hyperthought.com>
Thread-Topic: secdir review of draft-ietf-intarea-nat-reveal-analysis-05
Thread-Index: AQHOG5BrjjJ9GD3Ee0CwotPG6hmADJibUwuE
Date: Fri, 08 Mar 2013 06:20:52 +0000
Message-ID: <qukmf5w7ff1ci8kid9if2mkq.1362723650973@email.android.com>
References: <1362701013.542210453@apps.rackspace.com>
In-Reply-To: <1362701013.542210453@apps.rackspace.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmphk+JIrShJLcpLzFFi42I5JsGmq+vebBlocPoqi0Xbs91sDoweTWeO MgcwRnHZpKTmZJalFunbJXBldE5rZi74z1Nx+MkzxgbG+1xdjBwcEgImEl3N2l2MnByMAkYS u8+9YgWxJQTEJC7cW8/WxcjFISRwmVFi9qwuRoiEicT3X7eZIBJHGCXudf1jh3CWMUo0fWhh AqliA6rasPMzmC0ioCsxbW0rK0gRs8BuRolpz+ewgySEBdwlPq/eBVXkITHv5xZmCNtI4sD3 /2wg57EIqEic+S0MYvIKuElMPCsJUiEkYCrR//UGWCengJlE74Fb7BAfiEl8P7UGLM4sIC5x 68l8JoijBSSW7DnPDGGLSrx8/I8VokZHYsHuT2wQtrbEsoWvwWp4BQQlTs58wgJysoTADDaJ rysfMU1glJyFZO4sJP2zkPTPQtK/gJFlFaNsSm6Vbm5iZk5xarJucXJiXl5qka6ZXm5miV5q SukmRmAUCrG7KO9g/HNQ6RCjAAejEg9vxSaLQCHWxLLiytxDjJIcTEqivBYNloFCfEn5KZUZ icUZ8UWlOanFhxglOJiVRHh/ywDleFMSK6tSi/JhUtIcLErivNdSbvoLCaQnlqRmp6YWpBbB ZJk42A8xynBwKEnwhjYBdQsWpaanVqRl5pQgq+EEEVwga3iA1niDFPIWFyTmFmemQxSdYlSU EucVBEkIgCQySvPgBsAS5yVGWSlhXkYGBgYhHqALgB5HlX/FKA70tDDEeJ7MvBK46a+AFjMB LfYLtgBZXJKIkJJqYMyJbawoqbE/m7xsx7fvj5ek+y+Y+SxfqJ/NR1/nYrKGV4pAzdaj0W1K HtbKUk/NH+b/ORgQeozrf7Fa6LuEiyzpvaWvTs0/LXFzi+2t6gttnUvCi3V9ly1p+Rw4b9eL OqlpDyetm6X583y46wM7a20ZvRXN5tzLC6I3Lpb4qCXDuKxMenZnvRJLcUaioRZzUXEiACmc BzOXAwAA
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrCLMWRmVeSWpSXmKPExsUyuXSPn65bs2WgwfS5PBb7X5ZazPgzkdni 65YJjBZtz3azObB47NhxisVjyZKfTB5NZ44ye3y5/JktgCWKyyYlNSezLLVI3y6BK6NzWjNz wX+eisNPnjE2MN7n6mLk5JAQMJH4/us2E4QtJnHh3nq2LkYuDiGBI4wS97r+sUM4yxglmj60 gFWxAXVs2PkZzBYR0JWYtraVFaSIWWA3o8S053PYQRLCAu4Sn1fvgirykJj3cwszhG0kceD7 f6AVHBwsAioSZ34Lg5i8Am4SE89KglQICZhK9H+9AdbJKWAm0XvgFthERqDjvp9aAxZnFhCX uPVkPtTRAhJL9pxnhrBFJV4+/scKUaMjsWD3JzYIW1ti2cLXYDW8AoISJ2c+YZnAKDoLyahZ SFpmIWmZhaRlASPLKkaO0uLUstx0I4NNjMCYOSbBpruDcc9Ly0OM0hwsSuK8Qa4XAoQE0hNL UrNTUwtSi+KLSnNSiw8xMnFwSjUwzms4ouV/vXzHnumcsoJfzyhp3pycNoG97U7UcTafqNS7 yrw7dOL8MoXXl+xiuVXm3nf07dtTr5w/vJ9rz/db7Jq25KITp3r2GzyP3dj6YckLjf6Ja5uU 31Ws/K7e49SXL+rscjlJ+umsxx6pgTGq165seaP7rrEruiK1Q3/l9oi9Zg/vKGp+U2Ipzkg0 1GIuKk4EAC5FIsRnAgAA
X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id r286Kt6X002415
X-BeenThere: secdir@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: secdir-bounces@mit.edu
Errors-To: secdir-bounces@mit.edu
Cc: secdir <secdir@mit.edu>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-intarea-nat-reveal-analysis.all@tools.ietf.org" <draft-ietf-intarea-nat-reveal-analysis.all@tools.ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-intarea-nat-reveal-analysis-05
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Mar 2013 06:21:01 -0000

Hi Scott,
Thanks a lot for the review. Much appreciated.

Regards
Suresh


----- Original Message -----
From: "Scott G. Kelly" <scott@hyperthought.com>
To: "draft-ietf-intarea-nat-reveal-analysis.all@tools.ietf.org" <draft-ietf-intarea-nat-reveal-analysis.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, secdir <secdir@mit.edu>
Sent: 3/7/2013 7:03 PM
Subject: secdir review of draft-ietf-intarea-nat-reveal-analysis-05



I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

The intended status is Informational. From the abstract, the document describes a collection of solutions to reveal a host identifier (denoted as HOST_ID) when a Carrier Grade NAT (CGN) or application proxies are involved in the path. The document looks at several options for adding an identifier to packets that facilitates source disambiguation by endpoints.

The document includes a section on privacy considerations, and the security considerations section points out that servers should not rely on HOST_ID for trust decisions, and that admins should be aware of the potential for unwanted information leakage. It also says that  HOST_ID specification documents should elaborate further on threats specific to the particular solution.

I think this pretty well covers it, and I have no concerns with this document.

--Scott



_______________________________________________
secdir mailing list
secdir@mit.edu
https://mailman.mit.edu/mailman/listinfo/secdir