[secdir] SecDir review of draft-ietf-opsawg-coman-probstate-reqs-04

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 19 February 2015 12:23 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 238FA1A8A16; Thu, 19 Feb 2015 04:23:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bttoyhZh74ug; Thu, 19 Feb 2015 04:23:09 -0800 (PST)
Received: from statler.isode.com (ext-bt.isode.com [217.34.220.158]) by ietfa.amsl.com (Postfix) with ESMTP id 6C6A81A889C; Thu, 19 Feb 2015 04:23:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1424348586; d=isode.com; s=selector; i=@isode.com; bh=62DeHkU7g6SZS8R8+HE5W+nu7mNbLUzAwxBelJGA2MY=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=duO7d4DFO+ZMKTqckCGBLfQL9KUTuckEYKzdUpihvvtR0+1rOoSJwNy6DlDi8S7UfYRsC9 HLOGi/L7biEy7Oalneat+FW/tq1lk95mCUvoGgm2kLK4CtuvGAYvMUkGtwR+sIFLizoK5w +ebcWCNiv4/aoNIATUbBS9wrPqPCdPQ=;
Received: from [172.20.1.215] (dhcp-215.isode.net [172.20.1.215]) by statler.isode.com (submission channel) via TCP with ESMTPSA id <VOXVqQBYAnsa@statler.isode.com>; Thu, 19 Feb 2015 12:23:06 +0000
Message-ID: <54E5D598.9070807@isode.com>
Date: Thu, 19 Feb 2015 12:22:48 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-opsawg-coman-probstate-reqs.all@tools.ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/biyzAQNUA5R1Icr46ac0Ht_v4xQ>
Subject: [secdir] SecDir review of draft-ietf-opsawg-coman-probstate-reqs-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Feb 2015 12:23:11 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
  These comments were written primarily for the benefit of the security 
area directors.  Document editors and WG chairs should treat these 
comments just like any other last call comments.

Summary: not sure, see below

I am agreeing with RAI ADs that it is not exactly clear what is the 
value in publishing this document. I am also very curious to see some 
design that can satisfy all of these requirements (which are frequently 
contradictive).

Having said that, I liked the introduction (problem statement) part of 
the document.

Security considerations seem to be covered, but as per above, I have 
hard time figuring out if a system that satisfy them is actually 
feasible. In particular I am interested in knowing how devices can 
satisfy the following requirements:

Support suitable security bootstrapping mechanisms

Self-configuration capability

Self-management - Self-healing

Recovery


in presence of hostile agents on a network of constraint devices.