[secdir] SECDIR review of draft-ietf-lisp-pubsub-06
Chris Lonvick <lonvick.ietf@gmail.com> Thu, 01 October 2020 12:34 UTC
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-lisp-pubsub.all@ietf.org
From: Chris Lonvick <lonvick.ietf@gmail.com>
Message-ID: <cee3ecb4-af25-289a-5a18-862142574f87@gmail.com>
Date: Thu, 01 Oct 2020 07:34:43 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/fXnbB89cexxqFqTEmaqVHV1wlgw>
Subject: [secdir] SECDIR review of draft-ietf-lisp-pubsub-06
Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This is an "Early Review Request" so I'm going to mark the draft as READY WITH NITS.

It appears that there's a raft of drafts of LISP documents progressing together through the WG that cross-reference each other in that they all provide foundation and support for their collective features. (I'll admit that I haven't been keeping up.) So if my nits have been addressed in another document, that just means that I didn't dig far or deep enough, so please consider giving a pointer in the Security Considerations of this document so others won't similarly be left adrift.

In this document, and the associated others that I peered into, the term "nonce" seems to be used more as a "token" than, well, what I consider to be a nonce. In one case it may be a random value, but in several others the value is stored, compared, and reused. This is inconsistent with the IETF's Security Glossary, RFC 4949. Also, there is a reference to increasing the nonce for a particular use. However, I saw no discussion of what to do when the value exceeds the field space.

Other than that, the document appears to be well written and well thought out.

Best regards,
Chris
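The distinction the review draws, between a nonce that is random and used once, a value that is stored, compared and reused as a token, and a counter-style nonce that can run out of field space, as an added, constructed Python example. It is not code from draft-ietf-lisp-pubsub or from any LISP implementation. It assumes a 64-bit nonce field (the width of the Map-Request/Map-Reply nonce in RFC 6830) and an increment-per-notification scheme; the names Requester, Notifier and Receiver, the new_epoch signal and the re-seed-on-exhaustion policy are illustrative choices, not the draft's.

```python
# Constructed example illustrating the nonce-handling points in the review.
# Not code from draft-ietf-lisp-pubsub or any LISP implementation.
# Assumption: a 64-bit nonce field (RFC 6830 Map-Request/Map-Reply width).
# The increment-per-notification scheme and re-seeding policy are assumed.
import secrets

NONCE_BITS = 64
NONCE_MAX = (1 << NONCE_BITS) - 1


def fresh_nonce() -> int:
    """A nonce in the RFC 4949 sense: unpredictable and never reused."""
    return secrets.randbits(NONCE_BITS)


def wrap_increment(nonce: int) -> int:
    """Naive fixed-width increment: silently wraps NONCE_MAX to 0.

    A receiver that checks "nonce > last seen" rejects everything after the
    wrap; one that compares modulo 2**64 can be fed old values again.
    """
    return (nonce + 1) & NONCE_MAX


class Requester:
    """Sends requests carrying a random nonce and matches replies against it.

    The value is stored and compared, but it is consumed on first use, so a
    second reply echoing the same nonce is rejected as a replay.
    """

    def __init__(self) -> None:
        self._outstanding: set[int] = set()

    def send_request(self) -> int:
        nonce = fresh_nonce()
        self._outstanding.add(nonce)
        return nonce

    def accept_reply(self, nonce: int) -> bool:
        if nonce not in self._outstanding:
            return False  # unknown or already consumed: replay or forgery
        self._outstanding.discard(nonce)
        return True


class Notifier:
    """Emits notifications whose nonce is the previous one plus one.

    When the next value would not fit the field, it re-seeds with a fresh
    random nonce and flags a new epoch instead of wrapping. (In a real
    protocol that flag must sit under the message's integrity protection;
    this example does not model that.)
    """

    def __init__(self, start: int) -> None:
        if not 0 <= start <= NONCE_MAX:
            raise ValueError("start does not fit the nonce field")
        self._next = start

    def next_nonce(self) -> tuple[int, bool]:
        """Return (nonce, new_epoch); new_epoch is True right after a re-seed."""
        new_epoch = False
        if self._next > NONCE_MAX:
            self._next = fresh_nonce()  # field exhausted: start a new epoch
            new_epoch = True
        nonce = self._next
        self._next = nonce + 1
        return nonce, new_epoch


class Receiver:
    """Requires notification nonces to arrive strictly in sequence."""

    def __init__(self) -> None:
        self._expected: int | None = None

    def accept(self, nonce: int, new_epoch: bool) -> bool:
        if new_epoch or self._expected is None:
            self._expected = nonce  # resynchronise at the start of an epoch
        if nonce != self._expected:
            return False  # out of order, duplicate, or replayed
        self._expected = nonce + 1
        return True
```

Running the Notifier from NONCE_MAX - 1 shows the two values that still fit the field, then a re-seed; feeding the same sequence to a Receiver shows that an exact repeat of the last nonce is rejected once the counter has moved on.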