[secdir] secdir review of draft-ietf-pcp-proxy-08

Samuel Weiler <weiler@watson.org> Mon, 06 July 2015 00:53 UTC

Return-Path: <weiler@watson.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 480911B29D3; Sun, 5 Jul 2015 17:53:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.79
X-Spam-Level:
X-Spam-Status: No, score=0.79 tagged_above=-999 required=5 tests=[BAYES_50=0.8, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lpyYAjghfpFL; Sun, 5 Jul 2015 17:53:44 -0700 (PDT)
Received: from cyrus.watson.org (cyrus.watson.org [198.74.231.69]) by ietfa.amsl.com (Postfix) with ESMTP id 2C4F91B29D5; Sun, 5 Jul 2015 17:53:41 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [198.74.231.63]) by cyrus.watson.org (Postfix) with ESMTPS id A2BE846BB5; Sun, 5 Jul 2015 20:53:40 -0400 (EDT)
Received: from fledge.watson.org (weiler@localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.9/8.14.9) with ESMTP id t660reQN083464; Sun, 5 Jul 2015 20:53:40 -0400 (EDT) (envelope-from weiler@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.9/8.14.9/Submit) with ESMTP id t660reKm083461; Sun, 5 Jul 2015 20:53:40 -0400 (EDT) (envelope-from weiler@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Sun, 5 Jul 2015 20:53:40 -0400 (EDT)
From: Samuel Weiler <weiler@watson.org>
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-pcp-proxy@tools.ietf.org
Message-ID: <alpine.BSF.2.11.1507050720440.50023@fledge.watson.org>
User-Agent: Alpine 2.11 (BSF 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (fledge.watson.org [127.0.0.1]); Sun, 05 Jul 2015 20:53:40 -0400 (EDT)
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/UaMWsqy-r_Wb0y7i7uOUsIOX8lA>
Subject: [secdir] secdir review of draft-ietf-pcp-proxy-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jul 2015 00:53:45 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: document is ready for publication (with mild reservation).

My thanks to the document editors for producing a readable document.

Mild reservation: when I look at the use cases for PCP Proxy in this 
document (e.g. a consumer router doing NAT, connected to hotel NAT, 
connected to carrier NAT), it's hard to imagine that operational 
environment often fitting within the description of PCP's "simple 
threat model" (RFC6887, section 18.1).  And once you reject the 
simplifying assumptions in that "simple threat model", RFC6877 says 
PCP needs a security mechanism (section 18.2 of RFC6877).  Maybe this 
document should explicity reinforce that need, perhaps citing and 
blocking on draft-ietf-pcp-authentication?