[secdir] SecDir Review of draft-ietf-behave-dccp-03

Catherine Meadows <catherine.meadows@nrl.navy.mil> Tue, 21 October 2008 15:45 UTC

Message-Id: <A627C94E-3550-46AB-936F-0208AE304014@nrl.navy.mil>
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
To: secdir@ietf.org, iesg@ietf.org, rem@videolan.org, dthaler@microsoft.com, dwing@cisco.com
Date: Tue, 21 Oct 2008 11:45:51 -0400
Subject: [secdir] SecDir Review of draft-ietf-behave-dccp-03

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft gives a set of behavioral requirements for network address translation for DCCP. In the security considerations section, the authors discuss the requirements that have security considerations, and give recommendations. This mostly looks in good shape, but I have trouble understanding the discussion of Requirement 5 in this section. It reads, in its entirety:

  REQ-5 recommends that a NAT that passively monitors DCCP state keep
    idle sessions alive for at least 124 minutes or 4 minutes depending
    on the state of the connection. it may attempt to actively determine
    the liveliness of a DCCP connection or let the NAT administrator
    configure more conservative timeouts.


It's unclear what the relationship to security is here. The discussion needs to make that explicit.

Some minor nits:

"problems. and" in the discussion of REQ-4 should be "problems and"

Second sentence in the discussion of REQ-5 should begin with a capital letter.


Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil


