[secdir] Secdir review of draft-dukhovni-opportunistic-security-01

"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Fri, 18 July 2014 10:33 UTC

Return-Path: <takeshi_takahashi@nict.go.jp>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id D094F1A01E5; Fri, 18 Jul 2014 03:33:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.907
X-Spam-Level: ***
X-Spam-Status: No, score=3.907 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, J_CHICKENPOX_62=0.6, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id J-wrdpiwl4zf; Fri, 18 Jul 2014 03:33:23 -0700 (PDT)
Received: from ns1.nict.go.jp (ns1.nict.go.jp [IPv6:2001:df0:232:300::1]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40B531A015B; Fri, 18 Jul 2014 03:33:23 -0700 (PDT)
Received: from gw1.nict.go.jp (gw1 []) by ns1.nict.go.jp with ESMTP id s6IAXLMZ020845; Fri, 18 Jul 2014 19:33:21 +0900 (JST)
Received: from mail2.nict.go.jp (mail.nict.go.jp []) by gw1.nict.go.jp with ESMTP id s6IAXLe2003724; Fri, 18 Jul 2014 19:33:21 +0900 (JST)
Received: from mail2.nict.go.jp (localhost []) by mail2.nict.go.jp (NICT Mail) with ESMTP id 670D92C9A1; Fri, 18 Jul 2014 19:33:21 +0900 (JST)
Received: from VAIO (unknown []) by mail2.nict.go.jp (NICT Mail) with ESMTP id 610E52C902; Fri, 18 Jul 2014 19:33:21 +0900 (JST)
From: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
To: iesg@ietf.org, secdir@ietf.org, draft-dukhovni-opportunistic-security@tools.ietf.org
Date: Fri, 18 Jul 2014 19:33:22 +0900
Message-ID: <004101cfa273$b2c9c4a0$185d4de0$@nict.go.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac+iaeTkN6eXeOd8TQarQkZUIC9lqg==
Content-Language: ja
X-Virus-Scanned: clamav-milter 0.97.8 at zenith1
X-Virus-Status: Clean
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/YX8qwQC3q1yrhYn4CvoOvj-a8w4
Subject: [secdir] Secdir review of draft-dukhovni-opportunistic-security-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jul 2014 10:33:25 -0000


I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document defines the term "opportunistic security" and describes its
design philosophy.
The document begins with describing the difficulties to realize perfect
security and talks about the benefit of having opportunistic security.
The term "opportunistic security" is roughly defined at the end of section
1, and section 2 describes the design principles that realize the
opportunistic security.
Finally, the 2nd last paragraph of the section 2 clearly defines the term
"opportunistic security"

It is an interesting document, and I think it is ready.
Considering the intensive discussions in these months(on the saag mailing
list) and the nature of the document (informational), I see no reason to
block the document moving forward.

Below are minor comments.

In addition to defining the term "opportunistic security", this document
also describes the design philosophy of opportunistic security (in section
The abstract could be changed so that it can say this document also talks
about the design philosophy.

It is really just a comment.
When I was reading this document for the first time, I was feeling a bit
uneasy; I was expecting to see the clear definition of the term first, then
to see the design philosophy, but this document describes the design
philosophy of the opportunistic security before having clear definition of
the term(2nd last paragraph of section 2, starting with "In summary").
Having said that, the current structure is also fine, since this document is
short and concise.
Moreover, readers can have clear picture of the opportunistic security in
mind by the time they reach the sentences defining the term.

The security consideration is fairly short, but I think it is ok.
All it says is that opportunistic security is not the maximal security, but
it is much secure than no security. That explanation is fine for me.

Kind regards,