[secdir] secdir review of draft-ietf-tsvwg-port-use

"Dan Harkins" <dharkins@lounge.org> Sat, 31 January 2015 00:04 UTC

To: iesg@ietf.org, secdir@ietf.org, draft-ietf-tsvwg-port-use.all@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/XcQV-s4qvLCs8LPJjR1YFuCJ7sQ>

  Hello,

  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

  This draft provides some advice and recommendations on protocol
port use to application and service designers. It has a nice, brief
history of port usage and a nice list of guiding principles to help
conserve port space. It will make a nice BCP. In my opinion it is Ready
For Publication. With that said, I do have a small comment. In section
7.4 the draft says that TLS should be used to protect services that do
not provide their own security directly. It might be worth while adding
mention of DTLS and IPsec. And if the latter is not something that
should be recommended then justification for that stance should be
given.

  regards,

  Dan.