[secdir] secdir review of draft-hoffman-tao-as-web-page-03

Tom Yu <tlyu@MIT.EDU> Fri, 13 July 2012 03:34 UTC

To: secdir@ietf.org, iesg@ietf.org, draft-hoffman-tao-as-web-page.all@tools.ietf.org
From: Tom Yu <tlyu@MIT.EDU>
Date: Thu, 12 Jul 2012 23:34:56 -0400
Message-ID: <ldvipdspc4f.fsf@cathode-dark-space.mit.edu>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The Security Considerations section says

   The Tao is available over TLS at <https://www.ietf.org/tao.html>.

This statement seems to imply that protecting the integrity of the Tao
while transmitting it to a reader is important.  The public nature of
the Tao implies that the confidentiality of this channel is also not a
significant concern.  It seems odd to make a statement about the
integrity of the channel between the reader and the www.ietf.org web
server, while saying nothing about the channel that the Tao editor
uses.  It is likely that an attack on the integrity of the editing
channel will have a far greater impact than an attack on the integrity
of the reading channel.

On the other hand, malicious manipulation of the Tao will probably at
worst mislead newcomers about the workings of the IETF, because the
formal process specifications for the IETF are BCP RFCs.
Additionally, if the editor of the Tao can only edit a proposed text,
rather than the officially published version, the IESG can presumably
discover any malicious alterations of the proposed text prior to
approving it.  It seems reasonable to assume that any process that the
IETF Secretariat uses to publish the proposed text after its IESG
approval is no less secure than the processes for publishing other
official information on the IETF web site.