[secdir] secdir review of draft-ietf-mext-aero-reqs8

Sam Hartman <hartmans-ietf@mit.edu> Fri, 21 August 2009 10:46 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B25DE3A6BBE; Fri, 21 Aug 2009 03:46:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.157
X-Spam-Level:
X-Spam-Status: No, score=-2.157 tagged_above=-999 required=5 tests=[AWL=-0.119, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, SARE_SUB_OBFU_Q1=0.227]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oFPkaXpZt5Ts; Fri, 21 Aug 2009 03:46:47 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) by core3.amsl.com (Postfix) with ESMTP id DCF483A67E6; Fri, 21 Aug 2009 03:46:46 -0700 (PDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 5157A64492; Fri, 21 Aug 2009 06:46:49 -0400 (EDT)
To: secdir@ietf.org,iesg@ietf.org
From: Sam Hartman <hartmans-ietf@mit.edu>
Date: Fri, 21 Aug 2009 06:46:49 -0400
Message-ID: <tsl8whdqw9y.fsf@mit.edu>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: draft-ietf-mext-aero-reqs@tools.ietf.org, mext-chairs@tools.ietf.org
Subject: [secdir] secdir review of draft-ietf-mext-aero-reqs8
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Aug 2009 10:46:47 -0000

This is a security directorate review; editors should treat these
comments as any other last call comments.

Sorry that the review is late.  I read the draft, prepared my comments
and failed to send them out.

This draft describes requirements from the air and space communities
for nemo route optimization for aircraft and spacecraft.

Within that scope, I have no additional security concerns.

However it is important to make sure that everyone involved
understands meeting these requirements alone without more general
security requirements would not produce an acceptable solution.  If
the intent of this draft is to state all the requirements that mext
needs to consider in developing a solution that meets IETF standards
and that meets the needs of the air/space community, then it falls
significantly short.  I don't think that is the intent though; I think
this is simply intended to be one stakeholder's input.  Presumably,
even if we are only targeting deployment in air/space enviroments, we
will look at more general security and management requirements
necessary to make the technology deployable on the internet.  If we're
all on the same page on that point, then this draft is fine.

I think the stated requirements seem reasonable.  However, I'm not
actually sure that a solution exists as an extension to current basic
nemo.  In particular, requirements about minimizing or avoiding custom
software may rule out nemo.  However, perhaps I'm missing something.