[secdir] Review of draft-ietf-ltans-xmlers-08

Shawn Emery <shawn.emery@oracle.com> Mon, 10 January 2011 07:35 UTC

To: secdir@ietf.org
Cc: draft-ietf-ltans-xmlers.all@tools.ietf.org, iesg@ietf.org

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft outlines an XML schema and rules for Evidence Record Syntax (ERS).

The security considerations section does exist and states that tracking
security suitability of cryptographic algorithms is out of scope for
this document. It goes on to say that different Evidence Records should
be generated for the same data object in case a particular algorithm
becomes weak or an attack is discovered. On secure time stamps, the
draft gives guidance on the strength of the algorithm to use between
normal, archival, and renewal purposes. I agree with the above points
and do not find other issues in the draft.
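
The following is an added illustration of the point about generating separate Evidence Records per hash algorithm for the same data object. It is editor-supplied example code, not part of the review above and not code from the XMLERS draft. It builds the hash tree in the style of the ERS reduced hash tree (child hashes sorted in binary ascending order, concatenated, hashed) and keeps, per record, only the sibling hashes needed to recompute the root. Time stamps over the root and the XML encoding are omitted; the data objects, the `EvidenceRecord` class and the function names are constructed for this example.

```python
# Added illustration (not part of the review or of the XMLERS draft):
# two independent Evidence Records over the same data object, each built with
# a different hash algorithm, so the object stays provable if one algorithm is
# later judged weak. Tree construction follows the ERS reduced-hash-tree rule
# (sort child hashes in binary ascending order, concatenate, hash). Time
# stamps and the XML encoding are omitted (assumption, to keep it self-contained).
import hashlib
from dataclasses import dataclass


@dataclass
class EvidenceRecord:
    """Minimal stand-in for an Evidence Record: the hash algorithm, the
    sibling hashes needed to recompute the path from the data object to the
    root (leaf level first), and the root that would be time-stamped."""
    algorithm: str
    sibling_hashes: list
    root: bytes


def _h(alg, data):
    return hashlib.new(alg, data).digest()


def _node(alg, children):
    # ERS rule: sort the child hashes in binary ascending order, concatenate
    # the sorted values and hash the concatenation.
    return _h(alg, b"".join(sorted(children)))


def build_tree(alg, objects):
    """Hash tree over all data objects; returns the levels bottom-up
    (leaf hashes first, root last)."""
    level = [_h(alg, obj) for obj in objects]
    levels = [level]
    while len(level) > 1:
        level = [_node(alg, level[i:i + 2]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def reduced_hash_tree(alg, objects, index):
    """Evidence Record for objects[index]: at every level keep only the
    sibling hash(es) in the node's group, dropping the node itself."""
    levels = build_tree(alg, objects)
    path, i = [], index
    for level in levels[:-1]:
        start = i - (i % 2)
        path.append([h for j, h in enumerate(level[start:start + 2], start)
                     if j != i])
        i //= 2
    return EvidenceRecord(alg, path, levels[-1][0])


def verify(record, data_object, weak_algorithms=frozenset()):
    """Recompute the root from the data object and the stored siblings.
    A record built with an algorithm on the weak list proves nothing."""
    if record.algorithm in weak_algorithms:
        return False
    alg = record.algorithm
    current = _h(alg, data_object)
    for siblings in record.sibling_hashes:
        current = _node(alg, [current] + list(siblings))
    return current == record.root


def verify_any(records, data_object, weak_algorithms=frozenset()):
    """The point made in the draft's security considerations: with one
    record per algorithm, the object remains provable while at least one
    of the algorithms is still considered sound."""
    return any(verify(r, data_object, weak_algorithms) for r in records)


# Constructed sample data objects (not from the draft).
OBJECTS = [
    b"contract-2011-01.pdf: signed archive copy",
    b"invoice-42.xml: <invoice id='42'/>",
    b"audit-log.txt: 2011-01-10 archived",
]
TARGET = 1


def demo():
    records = [reduced_hash_tree(alg, OBJECTS, TARGET)
               for alg in ("sha256", "sha512")]
    return {
        "both_sound": verify_any(records, OBJECTS[TARGET]),
        "sha256_weak": verify_any(records, OBJECTS[TARGET], {"sha256"}),
        "both_weak": verify_any(records, OBJECTS[TARGET], {"sha256", "sha512"}),
        "tampered": verify_any(records, b"invoice-42.xml: <invoice id='43'/>"),
        "wrong_object": verify_any(records, OBJECTS[0]),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'valid' if ok else 'invalid'}")
```

Running the demo shows why the draft asks for one record per algorithm rather than one record with one algorithm: marking sha256 as weak leaves the sha512 record usable, while marking both weak (or altering the data object) leaves nothing to rely on. In a real deployment the roots would additionally be covered by time stamps, and the weak-algorithm list is exactly the per-algorithm tracking the draft declares out of scope.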

General comments:


Editorial comments: