[secdir] secdir review of draft-ietf-tsvwg-port-use
"Dan Harkins" <dharkins@lounge.org> Sat, 31 January 2015 00:04 UTC
Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC99C1A87E0; Fri, 30 Jan 2015 16:04:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.167
X-Spam-Level:
X-Spam-Status: No, score=-1.167 tagged_above=-999 required=5 tests=[BAYES_50=0.8, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0xj5RSwq2pv7; Fri, 30 Jan 2015 16:04:10 -0800 (PST)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 774C91A87E1; Fri, 30 Jan 2015 16:04:10 -0800 (PST)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 1A6F310224008; Fri, 30 Jan 2015 16:04:10 -0800 (PST)
Received: from 104.36.248.10 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Fri, 30 Jan 2015 16:04:10 -0800 (PST)
Message-ID: <950ad656ed2a0e36e24fd7dc0e2b60b1.squirrel@www.trepanning.net>
Date: Fri, 30 Jan 2015 16:04:10 -0800
From: Dan Harkins <dharkins@lounge.org>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-tsvwg-port-use.all@tools.ietf.org
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/XcQV-s4qvLCs8LPJjR1YFuCJ7sQ>
Subject: [secdir] secdir review of draft-ietf-tsvwg-port-use
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Jan 2015 00:04:12 -0000
Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft provides some advice and recommendations on protocol port use to application and service designers. It has a nice, brief history of port usage and a nice list of guiding principles to help conserve port space. It will make a nice BCP. In my opinion it is Ready For Publication. With that said, I do have a small comment. In section 7.4 the draft says that TLS should be used to protect services that do not provide their own security directly. It might be worth while adding mention of DTLS and IPsec. And if the latter is not something that should be recommended then justification for that stance should be given. regards, Dan.