Re: [secdir] Security directorate
Stephen Kent <kent@bbn.com> Thu, 18 December 2014 16:00 UTC
Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EB2C1A8A89 for <secdir@ietfa.amsl.com>; Thu, 18 Dec 2014 08:00:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O3sr8afBTu-N for <secdir@ietfa.amsl.com>; Thu, 18 Dec 2014 08:00:16 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 782CA1A1B2C for <secdir@ietf.org>; Thu, 18 Dec 2014 08:00:16 -0800 (PST)
Received: from dommiel.bbn.com ([192.1.122.15]:45587 helo=COMSEC.local) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1Y1dUV-000DiB-P6; Thu, 18 Dec 2014 10:59:51 -0500
Message-ID: <5492F9F7.1070909@bbn.com>
Date: Thu, 18 Dec 2014 10:59:51 -0500
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Susan Hares <shares@ndzh.com>, 'Tero Kivinen' <kivinen@iki.fi>, 'Kathleen Moriarty' <kathleen.moriarty.ietf@gmail.com>, charliekaufman@outlook.com
References: <074b01d00f31$1712da30$45388e90$@ndzh.com> <CAHbuEH7ko_Hz-YHNF=U52a9d8PsX6kYM1udKDK0pWKqhk7VE1Q@mail.gmail.com> <21650.47330.158595.209025@fireball.kivinen.iki.fi> <00e601d01ac4$b5b69b60$2123d220$@ndzh.com>
In-Reply-To: <00e601d01ac4$b5b69b60$2123d220$@ndzh.com>
Content-Type: multipart/alternative; boundary="------------080502050906050203000806"
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/W9MMSovHgae0_wvvPbJYAXZo03g
Cc: tnadeau@lucidvision.com, secdir <secdir@ietf.org>, 'Alia Atlas' <akatlas@gmail.com>, wardd@cisco.com, 'Jeffrey Haas' <jhaas@pfrc.org>, adrian@olddog.co.uk
Subject: Re: [secdir] Security directorate
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Dec 2014 16:00:21 -0000
SECDIR early review of draft-ietf-i2rs-problem-statement-04 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review.Document editors and WG chairs should treat these comments just like any other last call comments. This is a short document describing the problem being addressed by the I2RS WG, and establishing some requirements for solutions. Section 2 describes the model for I2RS. It calls for using existing transport protocols to provide security, a good statement as part of the base protocol requirements. Looking at Figure 1, it seems that the only paths that are in scope for I2RS are between an I2RS agent and client and between clients. In section 5, authentication, authorization, and integrity are explicitly cited as requirements. This is a good statement of requirements. It might be nice to state whether confidentiality is also perceived as a requirement, or if it explicitly not a requirement. The Security Considerations section is a single paragraph consisting of 2 sentences. It opens with a nice statement about the importance of security in the I2RS context. I think a back pointer to the “secure Control” text would be appropriate. The second sentence says that more investigation is needed to fully define security requirements such as authorization and authentication levels. I don’t know what this last phrase means. Authorization (aka access control) isn’t usually described as having levels per se. Do you mean granularity of access control, or something else. Also, for authentication, there are various mechanisms one can employ, and these may be described as offering varying “levels” of security, but that is an oversimplification in many cases. A clearer description of what the authors are trying to convey here would be good. I also looked briefly at draft-hares-i2rs-security-02. That document begins with a very good discussion of security terminology based on RFC 4949. It also proposes very specific security requirements for communications in the I2RS model. That document calls for confidentiality as a requirement, which further motivates some mention of this security service in the problem statement, even if the statement is equivocal. Two typos I noted: Section 2: measuresments -> measurements Section 5: Such communications must also have its integrity protected. -> Such communications must also be integrity-protected.
- Re: [secdir] Security directorate Stephen Kent
- Re: [secdir] Security directorate Alia Atlas