[secdir] Secdir review of draft-ietf-anima-brski-prm-05

Charlie Kaufman <charliekaufman@outlook.com> Mon, 05 December 2022 07:22 UTC

From: Charlie Kaufman <charliekaufman@outlook.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-anima-brski-prm.all@ietf.org" <draft-ietf-anima-brski-prm.all@ietf.org>
Date: Mon, 05 Dec 2022 07:21:58 +0000
Message-ID: <MW2PR1901MB4683A079D9A325BCD4DFB20CDF189@MW2PR1901MB4683.namprd19.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/UIVjDb7bH4Nsdi3HqmOQfPfzysU>

Reviewer: Charlie Kaufman
Review result: Has nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This Standards Track ID extends a family of protocols for limited function devices to obtain certificates from their surrounding environment with the assistance of an on-line manufacturer's authority that can authenticate information as coming from their device. It extends the BRSKI (RFC8995) protocol to deal with devices that prefer to accept incoming initialization requests rather than initiating outbound requests. It does this by defining a new node called a "registrar-agent" that acts as a client to both the to-be-registered "pledge" and the domain registrar.

The protocol is more elaborate than I would have thought necessary, but I could find no problems with it.

Typos:
p1 "To establishment the" -> "To establish the"
p4 "In this scenarios it is" -> "In this scenario it is"
p5 "defined i this" -> "defined in this"
p8 "as describe in" -> "as described in"
p8 "it SHOULD initiate to that Registrar" --- initiate what? a request? a connection?
p9 "This operational parameters" -> "These operational parameters"
p9 "presume the" -> "presumes the"
p11 "constraint environments" -> "constrained environments"
p12 "endpoints were the" -> "endpoints where the"
p12 "endpoints were additional" -> "endpoints where additional"
p45 "a manufactures pledge" -> "a manufacturer's pledge"
p64 "on misusage" -> "of misuse"
p64 "an registrar-agent" -> "a registrar-agent"
p64 "rouge" -> "rogue"