Re: [secdir] Secdir last call review of draft-ietf-i2nsf-capability-data-model-16
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Sat, 14 August 2021 07:43 UTC
Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6ED6E3A0EEE; Sat, 14 Aug 2021 00:43:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.545
X-Spam-Level:
X-Spam-Status: No, score=-1.545 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HK_NAME_FM_MR_MRS=0.542, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FREEMAIL_DOC_PDF=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fE4bl3ihZ1YP; Sat, 14 Aug 2021 00:43:26 -0700 (PDT)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07E883A0EED; Sat, 14 Aug 2021 00:43:20 -0700 (PDT)
Received: by mail-lf1-x12a.google.com with SMTP id y34so24375967lfa.8; Sat, 14 Aug 2021 00:43:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OJUcNE8vBZqFE+06NROiYZuaESHcugQvx2nDO4TBh14=; b=SEIIc+JD/UF7oGZJAS262IpbYYXNwOMDhn8Z1toqgkuirruJK6MKQnJfwGsXF7rvuk 00jafEvNmArT6eORmgzeRY5AI67ZCTL8evXOnZlSDIhresvFOCppCO/6ZXa3+eci7JnF z2LNMVdHEmmZ3IZutyVsf/hXZ+pnkf/oTC4rTF7nQdkQYKbw6B3FoLNpsO1KYbwQjmty U6LfQX34GIa6ZgNNjpARyRE74FEzQ0uhoUKiClyvn4SnajnNUsGUOwfTzbhlOLcRyH6g 5fuE3cHZP4zmfrRPGnY+Q7E5y0NxiIWyN83queIZpcaqsZccmm715jQPiee2YfFFVN3u +Waw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OJUcNE8vBZqFE+06NROiYZuaESHcugQvx2nDO4TBh14=; b=jRcdNZiKG8ub48WZK02nCHCHyoch6aPvUWiJ7uROcB1dkmlkO+xoKWgrsM63h7Mg9W TtmOXXXK3tRNflpdh/0Np9Y5WXDCXFEuoCuEGxcEfLqyTtmN16cYHLMTAtERYaC3494N cszOZXOWtDPjWHBi/b5n7UIHJN6C8+RQTZw+26N53VTAUXEQoDWvo839yIOXNWjOJTgM uXpdqEmzhT1YTMSejiwXX8hEsBHWImlvPiMZ/Eea4/yNqyfPMClKI9LdUmcDeNlpByuC xIt0hVwO7mQxI93llpwhNU+pRGlxBm2OLIYWPRMjMSR369PqlY6hA2x7afNjG0dwAy3K gQXw==
X-Gm-Message-State: AOAM531MaKnXM10+JOsjxZlPO03Z58DOjcS22IOuRVGpBjtf4d0PNAgg 0l/r4qk/cccbs1vNJNDT7+TLcMvL1KAs6lCdj/F3aZSJFlsgHA==
X-Google-Smtp-Source: ABdhPJyd9r6Q3KjLPOGfSsbx6fLOEL8XD1PEb6LpuCjLTrqpqp4H3FSb9IrAUqbaSJkJPsCid1L1eKLFxShxcPJrb4k=
X-Received: by 2002:ac2:4947:: with SMTP id o7mr4285611lfi.601.1628926996764; Sat, 14 Aug 2021 00:43:16 -0700 (PDT)
MIME-Version: 1.0
References: <162136896309.19274.13384213577960243417@ietfa.amsl.com>
In-Reply-To: <162136896309.19274.13384213577960243417@ietfa.amsl.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Sat, 14 Aug 2021 16:42:39 +0900
Message-ID: <CAPK2DewwZwyQ6ALP6RSW0-ZyLmhDVvvB+gSjH7kzsiguqaGGBQ@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: secdir@ietf.org, "i2nsf@ietf.org" <i2nsf@ietf.org>, Last Call <last-call@ietf.org>, Roman Danyliw <rdd@cert.org>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Content-Type: multipart/mixed; boundary="00000000000001fa3605c9801f23"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/b2kGQRxvFpThNc7-n1RTUofLw2o>
Subject: Re: [secdir] Secdir last call review of draft-ietf-i2nsf-capability-data-model-16
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Aug 2021 07:43:32 -0000
Hi Paul, Here are the revision letter and revised draft reflecting your comments. https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-capability-data-model-17 You can find my responses to your comments from page 36 in the revision letter. Patrick and I worked together for this revision. Please let me know whether this version satisfies your comments or not. Thanks. Best Regards, Paul Jeong On Wed, May 19, 2021 at 5:16 AM Paul Wouters via Datatracker < noreply@ietf.org> wrote: > Reviewer: Paul Wouters > Review result: Has Nits > > I have reviewed this document as part of the security directorate's > ongoing > effort to review all IETF documents being processed by the IESG. These > comments were written primarily for the benefit of the security area > directors. > Document editors and WG chairs should treat these comments just like any > other > last call comments. > > The summary of the review Has Nits > > The issues that Michael Scharf raised regarding TOS have been addressed. > Thank > you. I have no items that are serious issues, just some comments that you > may > take into consideration for a minor update. > > Nits: > > The privacy section talks about a trade-off between privacy and security. > But I > do not understand what trade-off is meant. The document does not seem to > make > any trade-off. It just defines capabilities that can be used, some of which > might process private material. But the trade-offs of that are really at > the > protocol level (like they did use TLS or IPsec or why not). I dont think > describing technical capabilities is a trade-off of security vs privacy. > Perhaps the section could talk about the discovery and/or usage of > capabilities > and that those capabilities handling private information should attempt to > report their usage/findings/events underst conditions that preserve the > privacy > (eg require TLS or IPsec between SG and NSF ?) > > The Security section talks about layers that "can use" SSH or TLS for > security. > I'm not sure why it does not say SHOULD or MUST ? I would rewrite "need to > be > tightly secured and monitored" to "MUST be tightly secured, monitored and > audited". > > Section 3.1 states: > > These capabilities MAY have their access control restricted by a > policy; > > In light of the other recommendations in the Security Section, I think > this MAY > should really be a SHOULD or even MUST. Alternatively, perhaps say "Some of > these capabilities SHOULD" ? > > > > > > >
- [secdir] Secdir last call review of draft-ietf-i2… Paul Wouters via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Mr. Jaehoon Paul Jeong
- Re: [secdir] Secdir last call review of draft-iet… Mr. Jaehoon Paul Jeong
- Re: [secdir] Secdir last call review of draft-iet… Paul Wouters