[secdir] SECDIR review of draft-ietf-ipfix-anon-05

<kathleen.moriarty@emc.com> Sat, 30 October 2010 15:52 UTC

From: <kathleen.moriarty@emc.com>
To: <iesg@ietf.org>, <secdir@ietf.org>, <boschie@tik.ee.ethz.ch>, <trammell@tik.ee.ethz.ch>
Date: Sat, 30 Oct 2010 11:53:47 -0400

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

General:
This document presents a mechanism for representing anonymized data within IPFIX [RFC5101] and guidelines for using it.  The document in general is well-written and no security issues were detected.  Adequate background information is included in section 1 which aids in the overall readability of the document.  Since the purpose of the document is to anonymize flow information, it is itself a security function for the IPFIX protocol.

The document covers the range of fields that are recommended for anonymization.  The draft contains adequate explanations as to how the fields might be used to detect either the entities responsible for the flows or information about the hosts sending or receiving the flows.  The fields recommended for anonymization include the IP address, MAC address (can be used to construct IPv6 addresses or may be possible to trace a device to an entity), port numbers (host OS identification techniques), timestamps and counters (can reveal host behavior information).  Methods to anonymize each field are provided in the draft, including the advantages of using some techniques for anonymization and remaining gaps if alternate techniques are selected.

The security section of the document further clarifies the purpose of this draft versus that of the existing IPFIX standards for confidentiality (not covered in this draft).  Encryption for confidentiality is covered in other drafts, such as using TLS for transport; this draft is specific to anonymization.  The security section is adequate for this draft.

Note: While I majored in Math undergrad and actually enjoyed ring and field theory, I could be missing something in the evaluation as it seems like that was a long time ago!  I do not see any problems with the options presented for anonymization as it appears to be quite thorough.


Detailed Comments:
Introduction:  Grammar nit:  2nd paragraph, anonymisable is not a word.  Maybe replace this with Anonymize as it still reads fine and I think has the same intent.



Nice job!

-Kathleen