Re: [secdir] sec-dir review of draft-ietf-i2nsf-problem-and-use-cases-12
"Susan Hares" <shares@ndzh.com> Tue, 02 May 2017 17:32 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C051129422; Tue, 2 May 2017 10:32:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.645
X-Spam-Level: ***
X-Spam-Status: No, score=3.645 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DOS_OUTLOOK_TO_MX=2.845] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v0wkr5-7d44V; Tue, 2 May 2017 10:32:27 -0700 (PDT)
Received: from hickoryhill-consulting.com (50-245-122-97-static.hfc.comcastbusiness.net [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE3E7129B62; Tue, 2 May 2017 10:29:50 -0700 (PDT)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=70.194.10.118;
From: Susan Hares <shares@ndzh.com>
To: 'Derek Atkins' <derek@ihtfp.com>, iesg@ietf.org, secdir@ietf.org
Cc: i2nsf-chairs@ietf.org, pauljeong@skku.edu, rkkumar@juniper.net, Christian.jacquenet@orange.com, myo@varmour.com, diego.r.lopez@telefonica.com
References: <sjmpog04cim.fsf@securerf.ihtfp.org>
In-Reply-To: <sjmpog04cim.fsf@securerf.ihtfp.org>
Date: Tue, 02 May 2017 13:23:58 -0400
Message-ID: <040d01d2c368$e281d3e0$a7857ba0$@ndzh.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHq5flN5MHN2CksilV0i54d1XYwXqGw+CTQ
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/gC5_IYuCl-ZIttB3DZLZU_SfYR0>
Subject: Re: [secdir] sec-dir review of draft-ietf-i2nsf-problem-and-use-cases-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 May 2017 17:32:30 -0000
Derek: I apologize for the delay in responding to you. I will check to make sure these are fixed in version 16. Sue Hares -----Original Message----- From: Derek Atkins [mailto:derek@ihtfp.com] Sent: Tuesday, April 25, 2017 1:34 PM To: iesg@ietf.org; secdir@ietf.org Cc: i2nsf-chairs@ietf.org; pauljeong@skku.edu; rkkumar@juniper.net; Christian.jacquenet@orange.com; myo@varmour.com; diego.r.lopez@telefonica.com; shares@ndzh.com Subject: sec-dir review of draft-ietf-i2nsf-problem-and-use-cases-12 Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: Ready to publish with small edits. Details: This document doesn't specify any protocols. There appears to be a missing word in the end of the Security Considerations section which says: It is important to proper AAA [RFC2904] to authorize access to the network and access to the I2NSF management stream. I'm not sure if this is missing "proper AAA [something] [RFC2904] to authorize" or if there is a different phrasing. I'm not sure what is trying to be said about AAA, but this sentence is clearly missing an article (as "proper AAA" by itself is not a noun"). -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
- [secdir] sec-dir review of draft-ietf-i2nsf-probl… Derek Atkins
- Re: [secdir] sec-dir review of draft-ietf-i2nsf-p… Susan Hares