[secdir] SECDIR Review of http://tools.ietf.org/html/draft-krishnan-nomcom-tools-01

Phillip Hallam-Baker <hallam@gmail.com> Wed, 27 June 2012 14:20 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCC1021F8778 for <secdir@ietfa.amsl.com>; Wed, 27 Jun 2012 07:20:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Miruj+vrni-O for <secdir@ietfa.amsl.com>; Wed, 27 Jun 2012 07:20:28 -0700 (PDT)
Received: from mail-gh0-f172.google.com (mail-gh0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id DFCE321F8795 for <secdir@ietf.org>; Wed, 27 Jun 2012 07:20:27 -0700 (PDT)
Received: by ghbg16 with SMTP id g16so1054260ghb.31 for <secdir@ietf.org>; Wed, 27 Jun 2012 07:20:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=yAWVoeQi8GRIq09q/gBmKpWwmR6HU2O+6Idx4uTDC8k=; b=pnrF9lICr7ZMcSSv5d7NtfNfZGf/nvHe71h24CMSMZD68IrINWOfNxMKP/pY/t2mwe uyLSYDOFzg8R3bBj+N+8PTFQKLFIBXMkv0v4ucS+0PA+x99NA3s3y/MbHRLyTBNVWHi5 NDGRNW9ETFQjRJugY4DvzNO7IhdyUALLtn5ikw/k3E9d+zGZFxD/zDA1VsgS6PjOsbiC O2pmouEVx+B8rZMZ2GNpTj4cGtm9oF8jjZxmG4fqL41iADfiOBm/RwHTe3YKD+c/2PH4 gjDgMxu29WwTGnxBJQ0pH4NzwfIOB2xT7pzMwlhmY3rOWrKsbS84mQI6iw8eQPkGmh3h e3ng==
MIME-Version: 1.0
Received: by 10.60.154.232 with SMTP id vr8mr3319576oeb.30.1340806827432; Wed, 27 Jun 2012 07:20:27 -0700 (PDT)
Received: by 10.182.64.166 with HTTP; Wed, 27 Jun 2012 07:20:27 -0700 (PDT)
Date: Wed, 27 Jun 2012 10:20:27 -0400
Message-ID: <CAMm+Lwi7W9CoNinCF+4jjygEHsph_nBmBfnbxiYR3yqZOQKFiA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: suresh.krishnan@ericsson.com, joel.halpern@ericsson.com, secdir@ietf.org, Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=ISO-8859-1
Subject: [secdir] SECDIR Review of http://tools.ietf.org/html/draft-krishnan-nomcom-tools-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 14:20:29 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.


Surprisingly for a non protocol draft, this one actually is almost
completely security requirements. Unfortunately I find it rather hard
to tell if the security architecture meets the security goals because
they are not separated from each other.

I think the document should have a section stating the security goals
or reference another document that states them. Presumably these are
all derived from the Nomcom RFC.


The document specifies creation of a public key but not the algorithm
or strength. Given that this is an RFP, I think it would be
appropriate to completely and uniquely specify the cipher suite to be
supported.



-- 
Website: http://hallambaker.com/