Re: [secdir] Secdir review of draft-ietf-cdni-footprint-capabilities-semantics-12

Kevin Ma J <kevin.j.ma@ericsson.com> Wed, 23 March 2016 15:58 UTC

From: Kevin Ma J <kevin.j.ma@ericsson.com>
To: "Brian Weis (bew)" <bew@cisco.com>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Date: Wed, 23 Mar 2016 15:58:46 +0000
Message-ID: <A419F67F880AB2468214E154CB8A556206D43DFF@eusaamb103.ericsson.se>
References: <6A77AE94-D1D3-42FF-BA8B-41FE180E1489@cisco.com>
In-Reply-To: <6A77AE94-D1D3-42FF-BA8B-41FE180E1489@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/bSdLWmAnt8g2VnZzvtZ48nNdrys>
Cc: "draft-ietf-cdni-footprint-capabilities-semantics.all@tools.ietf.org" <draft-ietf-cdni-footprint-capabilities-semantics.all@tools.ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-cdni-footprint-capabilities-semantics-12

Hi Brian,

  Thank you for the review.  It is a fair comment and a good suggestion.  I agree that the follow-on protocol spec will have to do the real security evaluation, and it makes sense to not offer too many assumptions in the semantics doc.  I will update the security section in the next rev, to remove that statement and add the suggested privacy measures, in line with the other CDNI protocol drafts.

thanx!

--  Kevin J. Ma 

> -----Original Message-----
> From: Brian Weis (bew) [mailto:bew@cisco.com]
> Sent: Tuesday, March 22, 2016 4:14 PM
> To: The IESG; secdir@ietf.org
> Cc: draft-ietf-cdni-footprint-capabilities-semantics.all@tools.ietf.org
> Subject: Secdir review of draft-ietf-cdni-footprint-capabilities-semantics-12
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
> 
> The document describes high level semantics around the method that sites
> in a CDN Interconnection (CDNI) can perform a capability exchange, and
> defines the semantics that would be exchanged. The described semantics do
> not form a protocol, or even a data format, but provide an overview of
> considerations and guidance on the types of information that are to be
> exchanged.
> 
> The Security Considerations section does make requirements on protocols
> that would implement a capabilities exchange conforming to this document,
> which is that they must provide "integrity and authentication services"
> between the sites. It also notes that since a CDNI is set up as the result
> of business relationships, it's reasonable to expect an out-of-band
> method for exchanging authentication state for a protocol. This seems
> right to me.
> 
> Confidentiality of protocols that implement these semantics is not
> considered a high priority because "It is not believed that there are any
> serious privacy risks in sharing footprint or capability information". The
> section states an assumption that the shared information will be
> aggregated data and policy-related information about media, rather than
> personally identifying information (PII). However, since this document is
> not specifying any particular protocol, and thus does not strictly control
> the contents of the protocol, this seems like an uncertain assumption to
> me. It would be better to make a more positive assertion recommending
> confidentiality, so that protocol implementors conforming to this
> document are less likely to forget to add confidentiality when they do
> pass PII, or when they forget to think about privacy threats to PII. If a
> traditional cryptographic system (such as TLS) is deployed to obtain
> integrity, including confidentiality protection comes for a very small
> (perhaps negligible) additional cost but provides substantial added
> privacy value, so there isn't much technical justification to explicitly
> omit confidentiality.
> 
> Because of this privacy risks discussion, I consider the document "Ready
> with issues" (but it's just the one issue, all else looks fine to me).
> 
> Brian
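Added example, not part of this thread, the draft, or any CDNI implementation: a Go program that shows what the two messages converge on. The two CDNs pin each other's certificate (standing in for the out-of-band exchange of authentication state that the draft assumes), run a mutually authenticated TLS 1.3 session, and send one capability advertisement over it. Because the same configuration that gives integrity and peer authentication negotiates an AEAD suite, confidentiality is not a separate cost. The host names, the self-signed certificates, and the JSON advertisement are constructed for the example; the draft defines semantics, not a wire format, so the payload is not an FCI message. The session runs over an in-memory net.Pipe so it needs no network; session tickets are disabled because the synchronous pipe cannot absorb a post-handshake write.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// Hypothetical names for the two interconnected CDNs (not from the draft).
const uCDNName, dCDNName = "fci.ucdn.example", "fci.dcdn.example"

// newPeerCert mints a self-signed certificate for one CDN. In a deployment this
// certificate (or its issuing CA) is what the operators hand each other out of
// band when the interconnection agreement is set up.
func newPeerCert(name string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		// Each CDN is both client and server of the other.
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// pinned trusts exactly the certificate exchanged out of band, nothing else.
func pinned(peer tls.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	pool.AddCert(peer.Leaf)
	return pool
}

// peerAccepted is the check the handshake applies to a presented certificate:
// it must chain to a pinned anchor and carry the expected name. Pinning is by
// certificate, so a fresh certificate for the right name is still rejected.
func peerAccepted(peer tls.Certificate, trusted *x509.CertPool, name string) bool {
	_, err := peer.Leaf.Verify(x509.VerifyOptions{Roots: trusted, DNSName: name,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

// Exchange records one advertisement sent by the uCDN (client) to the dCDN
// (server) over a mutually authenticated TLS 1.3 session run in memory.
type Exchange struct {
	Suite    string // negotiated suite; every TLS 1.3 suite is an AEAD
	ClientCN string // uCDN identity the server verified
	Received []byte // bytes the server read
}

func exchange(uCDN, dCDN tls.Certificate, payload []byte) (Exchange, error) {
	serverCfg := &tls.Config{MinVersion: tls.VersionTLS13, Certificates: []tls.Certificate{dCDN},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pinned(uCDN),
		SessionTicketsDisabled: true} // no post-handshake server write, so net.Pipe cannot deadlock
	clientCfg := &tls.Config{MinVersion: tls.VersionTLS13, Certificates: []tls.Certificate{uCDN},
		RootCAs: pinned(dCDN), ServerName: dCDNName}
	serverSide, clientSide := net.Pipe()
	defer serverSide.Close()
	defer clientSide.Close()
	server, client := tls.Server(serverSide, serverCfg), tls.Client(clientSide, clientCfg)

	type result struct {
		cn   string
		data []byte
		err  error
	}
	done := make(chan result, 1)
	go func() {
		if err := server.Handshake(); err != nil {
			done <- result{err: err}
			return
		}
		data, err := io.ReadAll(server) // returns at the client's close_notify
		done <- result{server.ConnectionState().PeerCertificates[0].Subject.CommonName, data, err}
	}()
	if err := client.Handshake(); err != nil {
		return Exchange{}, err
	}
	if _, err := client.Write(payload); err != nil {
		return Exchange{}, err
	}
	if err := client.CloseWrite(); err != nil {
		return Exchange{}, err
	}
	r := <-done
	if r.err != nil {
		return Exchange{}, r.err
	}
	return Exchange{tls.CipherSuiteName(client.ConnectionState().CipherSuite), r.cn, r.data}, nil
}

func main() {
	uCDN, _ := newPeerCert(uCDNName)
	dCDN, _ := newPeerCert(dCDNName)
	// Constructed sample advertisement; not an FCI wire-format message.
	adv := []byte(`{"footprint":{"ipv4cidr":["192.0.2.0/24"]},"capability":"http-delivery"}`)
	ex, err := exchange(uCDN, dCDN, adv)
	if err != nil {
		panic(err)
	}
	fmt.Printf("suite=%s peer=%s received=%s\n", ex.Suite, ex.ClientCN, ex.Received)
}
```

The point of the pinned pools is the one Brian's review makes about business relationships: neither side consults a public CA, so an impostor holding a valid public certificate for the peer's name is rejected just as a random key is. The negotiated suite is reported only to make visible that nothing extra was configured to obtain encryption.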