[secdir] Secdir review of draft-ietf-rmt-sec-discussion-08
"Klaas Wierenga (kwiereng)" <kwiereng@cisco.com> Tue, 18 June 2013 08:57 UTC
Return-Path: <kwiereng@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF3C921F9DAC; Tue, 18 Jun 2013 01:57:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rVwVQ1bcjqU2; Tue, 18 Jun 2013 01:57:06 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) by ietfa.amsl.com (Postfix) with ESMTP id 0E59221F9D05; Tue, 18 Jun 2013 01:57:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1786; q=dns/txt; s=iport; t=1371545826; x=1372755426; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=wW8JAURf937t+ChtUO9vn2up/re+egX8DMTwmzU5tRg=; b=B4flEaaikW+PRimNWmu7/K8oJzkgTcPoAiYHWYTkmZPr54NSObiFSxC4 6zvsLnWfpV4KDqytCZBE5cc2JYYp/+w0DqZpVLwtL3IJlef0BBds21lnc bcZOu7eykyQnxovGTJsamV9I3L6mf8ROagxDjkD1qlEto/H7580MdjzGL o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjMFAIYfwFGtJXG//2dsb2JhbABZgwl6vwh+FnSCJQEEOlEBKhRCJwQBGgyHerpSjg2BB4M3YQOpBIMPgWhA
X-IronPort-AV: E=Sophos;i="4.87,887,1363132800"; d="scan'208";a="224113514"
Received: from rcdn-core2-4.cisco.com ([173.37.113.191]) by rcdn-iport-2.cisco.com with ESMTP; 18 Jun 2013 08:57:05 +0000
Received: from xhc-rcd-x12.cisco.com (xhc-rcd-x12.cisco.com [173.37.183.86]) by rcdn-core2-4.cisco.com (8.14.5/8.14.5) with ESMTP id r5I8v53i010239 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 18 Jun 2013 08:57:05 GMT
Received: from xmb-aln-x12.cisco.com ([169.254.7.172]) by xhc-rcd-x12.cisco.com ([173.37.183.86]) with mapi id 14.02.0318.004; Tue, 18 Jun 2013 03:57:05 -0500
From: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
To: "draft-ietf-rmt-sec-discussion.all@tools.ietf.org" <draft-ietf-rmt-sec-discussion.all@tools.ietf.org>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Secdir review of draft-ietf-rmt-sec-discussion-08
Thread-Index: AQHObAHOl4S6lR2FLUaMd9vNT8HF9w==
Date: Tue, 18 Jun 2013 08:57:05 +0000
Message-ID: <7E1636E02F313F4BA69A428B314B77C708BD6892@xmb-aln-x12.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.61.109.84]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <DB8E29A07EE8754B9AACA3295A91A824@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [secdir] Secdir review of draft-ietf-rmt-sec-discussion-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jun 2013 08:57:11 -0000
Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes general security considerations for Reliable Multicast Transport (RMT) building blocks and protocols. However the discussion is not limited to RMT per se but is rather a discussion in general about security issues that may influence the overall security of RMT. I have one major issue with this draft, I interpret the discussion sort of as a lengthy security considerations section for RMT. And while I applaud the effort that has gone into producing this draft I don't understand why you have not looked at RFC3552 (guidelines for writing security considerations) and take that as the starting point of your discussion. It appears to me that that would have been a more rigorous approach (for example, it is unclear to me why you have a discussion about IPSec, but not about TLS, to name an example). It would also have meant that you could reuse much of the text there or simply refer to it. We now end up with 2 documents that write about the same sort of issues but in different wording and in the case of this draft, far less scrutiny from the security community. In the current incantation I don't support forwarding the document, either it will have to be more rigorous (but still with the concern about doubling the work) or should refer to RFC3552 and just discuss the RMT specific issues and implementation choices. Hope this helps, Klaas
- [secdir] Secdir review of draft-ietf-rmt-sec-disc… Klaas Wierenga (kwiereng)