Re: [secdir] Review of draft-ietf-dime-diameter-api-08

"Romascanu, Dan (Dan)" <dromasca@avaya.com> Tue, 16 June 2009 16:52 UTC

Date: Tue, 16 Jun 2009 18:30:04 +0200
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: Sean Turner <turners@ieca.com>, secdir <secdir@ietf.org>, draft-ietf-dime-diameter-api@tools.ietf.org, iesg@ietf.org, dime-chairs@ietf.org
Cc: pacalhou@cisco.com, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Victor Fajardo <vfajardo@tari.toshiba.com>, dave@frascone.com
Subject: Re: [secdir] Review of draft-ietf-dime-diameter-api-08

Sean,

Was your review sent to the editors of the document? 

Can you please clarify why you believe that the API introduces
supplementary security concerns, which would make the reference to the
security considerations of RFC 5366 insufficient? 

Thanks and Regards,

Dan


> -----Original Message-----
> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On 
> Behalf Of Sean Turner
> Sent: Tuesday, June 16, 2009 6:44 PM
> To: secdir; draft-ietf-dime-diameter-api@tools.ietf.org; 
> iesg@ietf.org; dime-chairs@ietf.org
> Cc: Hannes Tschofenig
> Subject: Review of draft-ietf-dime-diameter-api-08
> 
> I have reviewed this document (twice now) as part of the 
> security directorate's ongoing effort to review all IETF 
> documents being processed by the IESG. These comments were 
> written primarily for the benefit of the security area 
> directors. Document editors and WG chairs should treat these 
> comments just like any other last call comments.
> 
> This version does not address the comments I made against the 
> -07 version, notably:
> 
> The document needs to discuss the security considerations 
> surrounding the API in your document, as opposed to just 
> pointing to RFC5388.
> 
> Nits:
> - Sec 3.1.1: add "." to end of last sentence
> - Sec 3.4.3.1 and 3.4.3.2: r/- The NAI of the user./The NAI 
> of the user.
> - Sec 3.4.5.7: Move description before C code.
> 
> spt
>