[secdir] Secdir review: draft-ietf-mile-rfc6045-bis-05
Leif Johansson <leifj@sunet.se> Mon, 16 January 2012 10:02 UTC
Date: Mon, 16 Jan 2012 11:02:22 +0100
From: Leif Johansson <leifj@sunet.se>
To: secdir@ietf.org, draft-ietf-mile-rfc6045-bis.all@tools.ietf.org, iesg@ietf.org
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document updates RFC6045 - Real-time Inter-network Defence (RID). The document defines a way to communicate IODEF objects between Service Providers.

In general I find the document well written and I especially like the way the XML schema is described in ASCII graphics.

A few comments:

- The term "Network Provider" is still used in parts of the document where it might be better to be consistent with the new term "Service Provider" (the name change is announced in the introduction).

- The introduction states that the document moves RFC6505 to Historic status and also that it updates RFC6505. This is confusing to me. It seems like this is a simple case of an update that changes the document status (Informational -> Standards Track) and I'm not sure Historic needs to enter into it.

- The discussions on PKI issues and trust are quite good but I would have liked to see an explicit mention of the fact that strong name-key binding is the key to establishing a good trust infrastructure. The use of PKI is strongly encouraged but for smaller consortia it would be entirely feasible to establish the required level of trust by manually sharing keys instead of running a PKI.

- The security considerations section re-iterates a dependency on PKI and PKI federations to fulfill the trust requirements of RID consortia. However it is worth noting that very few examples of the type of PKI federations that RID depends on exist in the wild.

Cheers
Leif