Re: [secdir] secdir review of draft-ietf-tsvwg-admitted-realtime-dscp-05

Fred Baker <fred@cisco.com> Sat, 22 November 2008 23:34 UTC

Message-Id: <D1920614-5B00-444E-9F75-70031D0706BB@cisco.com>
From: Fred Baker <fred@cisco.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
In-Reply-To: <49279C4F.10909@isode.com>
Date: Sat, 22 Nov 2008 17:34:30 -0600
References: <49279C4F.10909@isode.com>
Cc: draft-ietf-tsvwg-admitted-realtime-dscp@tools.ietf.org, tsvwg-chairs@tools.ietf.org, iesg@iesg.org, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-tsvwg-admitted-realtime-dscp-05

On Nov 21, 2008, at 11:44 PM, Alexey Melnikov wrote:

> I found the Security Consideration section to be insufficiently detailed
> about threats. While the list of threats seems to be adequate,
> it would be useful to have some pointers to documents describing possible
> remedies (for example how to achieve adequately strong proof of identity),
> or a clear statement that the protocol doesn't provide such a facility.

Would a reference to 4542 be sufficient?

My sense is that the threat model on a AAA service is likely to be  
documented in something related to AAA services, and frankly you are  
more likely to have a pointer to the document than I. Similarly, the  
threat model regarding people getting capacity allocated to them that  
shouldn't have been seems implicit in RFC 1633, the documentation of  
RSVP, and the documentation of NSIS - protocols designed explicitly to  
prevent that from happening. There is of course a threat model for  
implementing such a protocol as well, which is mentioned in RFC 4230.

If I'm missing something and you want more, some idea of what kind of
threat model you are looking for would be helpful.