[secdir] Sec-Dir Review: draft-mm-netconf-time-capability-05.tx

Olafur Gudmundsson <ogud@ogud.com> Wed, 29 July 2015 21:16 UTC

From: Olafur Gudmundsson <ogud@ogud.com>
Date: Wed, 29 Jul 2015 17:15:51 -0400
To: ietf <ietf@ietf.org>, netconf@ietf.org, draft-mm-netconf-time-capability.all@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/XfyK639vbSQp4K7zIWnIczCfPkM>
Cc: secdir@ietf.org

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document is ready for publication.
The document is well written.

The security considerations are clear and accurate. I would like to highlight one omission though.
This capability allows an attacker, once it has gained access, to schedule events in the future even
though the attacker's access has been detected and revoked.
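As an added illustration of the reviewer's point (not part of the review or of the draft): a small Python check an operator could run after revoking a principal's access, listing the still-pending operations that principal scheduled and building a cancel request for each. The element names (scheduled-time, schedule-id, cancel-schedule) and the time-capability namespace are assumed to follow the draft, and the schedule list is constructed sample data.

```python
"""Find NETCONF operations scheduled by a principal whose access was since revoked."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

TIME_NS = "urn:ietf:params:xml:ns:netconf:time:1.0"   # assumed, per the draft
BASE_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
ET.register_namespace("nc", BASE_NS)
ET.register_namespace("t", TIME_NS)

def parse_time(s):
    """Parse an RFC 3339 timestamp such as 2015-07-29T21:15:51Z into aware UTC."""
    return datetime.fromisoformat(s.replace("Z", "+00:00")).astimezone(timezone.utc)

def orphaned_schedules(pending, revoked, now):
    """Return schedule-ids of operations that are still in the future and were
    requested by a principal in `revoked`. Each entry of `pending` is a dict
    with schedule_id, principal and scheduled_time (the server's record of
    what it accepted). Whether the request predates the revocation does not
    matter: the operation would run with access the principal no longer has."""
    return [
        op["schedule_id"]
        for op in pending
        if parse_time(op["scheduled_time"]) > now and op["principal"] in revoked
    ]

def cancel_schedule_rpc(schedule_id, message_id):
    """Build a <cancel-schedule> rpc for one schedule-id (assumed element names)."""
    rpc = ET.Element(f"{{{BASE_NS}}}rpc", {"message-id": str(message_id)})
    cancel = ET.SubElement(rpc, f"{{{TIME_NS}}}cancel-schedule")
    ET.SubElement(cancel, f"{{{TIME_NS}}}schedule-id").text = schedule_id
    return ET.tostring(rpc, encoding="unicode")

# Constructed sample: what a server might report as its pending schedule.
PENDING = [
    {"schedule_id": "sched-1", "principal": "operator-a", "scheduled_time": "2015-07-30T03:00:00Z"},
    {"schedule_id": "sched-2", "principal": "operator-b", "scheduled_time": "2015-07-30T03:00:00Z"},
    {"schedule_id": "sched-3", "principal": "operator-a", "scheduled_time": "2015-07-29T20:00:00Z"},
]
REVOKED = {"operator-a"}                       # access withdrawn at 21:00Z
NOW = parse_time("2015-07-29T22:00:00Z")       # sched-3 has already fired

if __name__ == "__main__":
    for i, sid in enumerate(orphaned_schedules(PENDING, REVOKED, NOW), start=101):
        print(cancel_schedule_rpc(sid, i))
```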