[secdir] SecDir Review of draft-farrell-perpass-attack-02

"Adam W. Montville" <adam@stoicsecurity.com> Tue, 17 December 2013 03:02 UTC

From: "Adam W. Montville" <adam@stoicsecurity.com>
Date: Mon, 16 Dec 2013 21:02:06 -0600
To: secdir@ietf.org, iesg@ietf.org, draft-farrell-perpass-attack-02.all@tools.ietf.org
Subject: [secdir] SecDir Review of draft-farrell-perpass-attack-02

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

In my opinion, the draft is ready.  The draft does a good job explaining pervasive monitoring, why pervasive monitoring is considered an attack, and that the IETF will *continue* to mitigate the effects of such an attack where possible.  I found it easy enough to follow and particularly good at removing politics from the equation.

If I had any criticism at all, it would be that the draft doesn't convey that privacy is security as it pertains to a particular type of information (replace personally identifying information with credit card data, and you've got something more like PCI security).  To those unfamiliar with security and/or privacy, this point might be made clearer either in a draft like this or in something like RFC6973 (and it may be covered well there). 

Like I said, though, I think the draft is ready.

Regards,

Adam