[secdir] secdir review of draft-ietf-dime-drmp-05

Tom Yu <tlyu@mit.edu> Tue, 03 May 2016 03:52 UTC

Return-Path: <tlyu@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FCC712D531; Mon, 2 May 2016 20:52:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.217
X-Spam-Level:
X-Spam-Status: No, score=-5.217 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAJV1jLMBjv3; Mon, 2 May 2016 20:51:59 -0700 (PDT)
Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E631512B018; Mon, 2 May 2016 20:51:58 -0700 (PDT)
X-AuditID: 1209190d-fefff700000076cb-9d-5728205dfabd
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id 3C.24.30411.D5028275; Mon, 2 May 2016 23:51:57 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id u433pvOJ025265; Mon, 2 May 2016 23:51:57 -0400
Received: from localhost (sarnath.mit.edu [18.18.1.190]) (authenticated bits=0) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id u433pt9v011767; Mon, 2 May 2016 23:51:56 -0400
From: Tom Yu <tlyu@mit.edu>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-dime-drmp.all@ietf.org
Date: Mon, 02 May 2016 23:51:55 -0400
Message-ID: <ldvtwifdcis.fsf@sarnath.mit.edu>
Lines: 18
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrDIsWRmVeSWpSXmKPExsUixCmqrRuroBFusGuVgcX/ba9YLWb8mchs 8WHhQxYHZo8lS34yBTBGcdmkpOZklqUW6dslcGX8aNvCXLCMraKp9zNjA+NE1i5GTg4JAROJ Y3vfs3UxcnEICbQxSbx5/IcZwtnAKPG46wlU5jWjxPOH/UwgLWwC0hLHL+8Csjk4RARcJQ6+ VwMJCwsYSjTfb2UHsVkEVCUOdi5nBrF5BXQlOhvWMYLYPAKcEr/+TmCDiAtKnJz5hAXEZhbQ krjx7yXTBEaeWUhSs5CkFjAyrWKUTcmt0s1NzMwpTk3WLU5OzMtLLdI10svNLNFLTSndxAgO GEneHYz/7nodYhTgYFTi4V3wQD1ciDWxrLgy9xCjJAeTkiivxF2gEF9SfkplRmJxRnxRaU5q 8SFGCQ5mJRHeY3wa4UK8KYmVValF+TApaQ4WJXHemJtHw4QE0hNLUrNTUwtSi2CyMhwcShK8 x+WAGgWLUtNTK9Iyc0oQ0kwcnCDDeYCGXwCp4S0uSMwtzkyHyJ9i1OVY8OP2WiYhlrz8vFQp cd5bIEUCIEUZpXlwc8CRLsS47xWjONBbwrxx8kBVPMAkATfpFdASJqAl2etVQZaUJCKkpBoY L9dxPl9cnXaaLSdoR4PI7SWJf/p4n9Y+85BZplLi3ie7PH52kWT4bx2xie0x0/Q4G8x4P8dE lCYv0Hj5ZPFPEc5TpfK8MyQmFee8tNCSst91IPjvxvrVRiw+cUxvZQ4dVNRf8HjW1v1M6ivv NwgX19jMaH7wbMucmU9rclpDXOxX/VXnS2BXYinOSDTUYi4qTgQAudol7s8CAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/c-Hj9PB6ZRXAaRgtPwoedql5jxM>
Subject: [secdir] secdir review of draft-ietf-dime-drmp-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2016 03:52:01 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

Summary: Ready with nits

The security considerations section of this document seems substantial.
I approve of including a treatment of the lack of end-to-end security in
the protocol.  This is a topic to which authors of other documents
should pay more attention.

Editorial:

Page headers say "DOIC" instead of something like "DRMP"; is this
intentional?  Section 11.3 title "End-to End-Security Issues" should
probably be "End-to-End Security Issues".