[secdir] 答复: [dnssd] Secdir telechat review of draft-ietf-dnssd-push-19
"Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com> Mon, 24 June 2019 07:55 UTC
Return-Path: <frank.xialiang@huawei.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 314721200EB; Mon, 24 Jun 2019 00:55:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NKNGkm7G0tzL; Mon, 24 Jun 2019 00:55:04 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C2B5120088; Mon, 24 Jun 2019 00:55:04 -0700 (PDT)
Received: from lhreml704-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id C4498432CF4F5A995E43; Mon, 24 Jun 2019 08:55:01 +0100 (IST)
Received: from DGGEMM401-HUB.china.huawei.com (10.3.20.209) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 24 Jun 2019 08:55:01 +0100
Received: from DGGEMM511-MBX.china.huawei.com ([169.254.1.140]) by DGGEMM401-HUB.china.huawei.com ([10.3.20.209]) with mapi id 14.03.0439.000; Mon, 24 Jun 2019 15:53:58 +0800
From: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
To: Tom Pusateri <pusateri@bangj.com>
CC: "draft-ietf-dnssd-push.all@ietf.org" <draft-ietf-dnssd-push.all@ietf.org>, "dnssd@ietf.org" <dnssd@ietf.org>, IETF <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: [dnssd] Secdir telechat review of draft-ietf-dnssd-push-19
Thread-Index: AQHVDMmJ76Sy5YjtmUawwK/ZaNP/bKaclEoAgA4VfBA=
Date: Mon, 24 Jun 2019 07:53:58 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F13E7AFE9C@dggemm511-mbx.china.huawei.com>
References: <155807923913.14794.15819590021470228961@ietfa.amsl.com> <233D5D9C-F966-4D3D-A06B-841203564C61@bangj.com> <3E95DD9D-9C10-4575-B927-68ECF8E1C41C@bangj.com>
In-Reply-To: <3E95DD9D-9C10-4575-B927-68ECF8E1C41C@bangj.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.134.159.76]
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/b4F7YQYbufXQYYUEiUXjAO9JGtw>
Subject: [secdir] 答复: [dnssd] Secdir telechat review of draft-ietf-dnssd-push-19
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2019 07:55:06 -0000
Hi Tom, Sorry for responding your response email promptly. I have checked the latest version -20 draft, and thought it have addressed all my security issues. Thanks! B.R. Frank -----邮件原件----- 发件人: Tom Pusateri [mailto:pusateri@bangj.com] 发送时间: 2019年6月16日 0:47 收件人: Xialiang (Frank, Network Standard & Patent Dept) <frank.xialiang@huawei.com> 抄送: draft-ietf-dnssd-push.all@ietf.org; dnssd@ietf.org; IETF <ietf@ietf.org>; secdir@ietf.org 主题: Re: [dnssd] Secdir telechat review of draft-ietf-dnssd-push-19 Does this address your concerns? > On May 17, 2019, at 11:59 AM, Tom Pusateri <pusateri@bangj.com> wrote: > > Will also address TLS comments. > >> 3. In the section of Security Considerations: >> 1) you should also mention that TLS provides the anti-replay protection >> service for DNS Push; I have added a 4th security service in the Security section: Anti-replay protection: TLS provides for the detection of and prevention against messages sent previously over a TLS connection (such as DNS Push Notifications). Prior messages cannot be re- sent at a later time as a form of a man-in-the-middle attack. >> 2) maybe you need to consider the client >> authentication to achieve policy control and detect illegal client; I have added a new paragraph in the Security section: As a consequence of requiring TLS, client certificate authentication and verification may also be enforced by the server for stronger client-server security or end-to-end security. However, recommendations for security in particular deployment scenarios are outside the scope of this document. >> 3) TLS >> WG are specifying the SNI encryption mechanism, will it influence your TLS >> name authentication? SNI encryption has no effect on our use of TLS name authentication. Thanks, Tom
- [secdir] Secdir telechat review of draft-ietf-dns… Liang Xia via Datatracker
- Re: [secdir] [dnssd] Secdir telechat review of dr… Tom Pusateri
- Re: [secdir] [dnssd] Secdir telechat review of dr… Tom Pusateri
- Re: [secdir] [dnssd] Secdir telechat review of dr… Ted Lemon
- Re: [secdir] [dnssd] Secdir telechat review of dr… Tom Pusateri
- Re: [secdir] [dnssd] Secdir telechat review of dr… Tom Pusateri
- Re: [secdir] [dnssd] Secdir telechat review of dr… Ted Lemon
- [secdir] 答复: [dnssd] Secdir telechat review of dr… Xialiang (Frank, Network Standard & Patent Dept)