[secdir] SecDir review of draft-ietf-opsawg-coman-probstate-reqs-04
Alexey Melnikov <alexey.melnikov@isode.com> Thu, 19 February 2015 12:23 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 238FA1A8A16; Thu, 19 Feb 2015 04:23:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bttoyhZh74ug; Thu, 19 Feb 2015 04:23:09 -0800 (PST)
Received: from statler.isode.com (ext-bt.isode.com [217.34.220.158]) by ietfa.amsl.com (Postfix) with ESMTP id 6C6A81A889C; Thu, 19 Feb 2015 04:23:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1424348586; d=isode.com; s=selector; i=@isode.com; bh=62DeHkU7g6SZS8R8+HE5W+nu7mNbLUzAwxBelJGA2MY=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=duO7d4DFO+ZMKTqckCGBLfQL9KUTuckEYKzdUpihvvtR0+1rOoSJwNy6DlDi8S7UfYRsC9 HLOGi/L7biEy7Oalneat+FW/tq1lk95mCUvoGgm2kLK4CtuvGAYvMUkGtwR+sIFLizoK5w +ebcWCNiv4/aoNIATUbBS9wrPqPCdPQ=;
Received: from [172.20.1.215] (dhcp-215.isode.net [172.20.1.215]) by statler.isode.com (submission channel) via TCP with ESMTPSA id <VOXVqQBYAnsa@statler.isode.com>; Thu, 19 Feb 2015 12:23:06 +0000
Message-ID: <54E5D598.9070807@isode.com>
Date: Thu, 19 Feb 2015 12:22:48 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-opsawg-coman-probstate-reqs.all@tools.ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/biyzAQNUA5R1Icr46ac0Ht_v4xQ>
Subject: [secdir] SecDir review of draft-ietf-opsawg-coman-probstate-reqs-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Feb 2015 12:23:11 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: not sure, see below I am agreeing with RAI ADs that it is not exactly clear what is the value in publishing this document. I am also very curious to see some design that can satisfy all of these requirements (which are frequently contradictive). Having said that, I liked the introduction (problem statement) part of the document. Security considerations seem to be covered, but as per above, I have hard time figuring out if a system that satisfy them is actually feasible. In particular I am interested in knowing how devices can satisfy the following requirements: Support suitable security bootstrapping mechanisms Self-configuration capability Self-management - Self-healing Recovery in presence of hostile agents on a network of constraint devices.
- [secdir] SecDir review of draft-ietf-opsawg-coman… Alexey Melnikov