[secdir] Secdir review of draft-ietf-i2rs-protocol-security-requirements

Radia Perlman <radiaperlman@gmail.com> Sun, 02 October 2016 04:12 UTC

From: Radia Perlman <radiaperlman@gmail.com>
Date: Sat, 01 Oct 2016 21:12:10 -0700
Message-ID: <CAFOuuo49L5=orrtOJ7CDTNMe7s+zm++dLNZYCrfBeL4NeyBFJw@mail.gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-i2rs-protocol-security-requirements.all@tools.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/gqHnKGgMl9e8GOalp2YSLQtmcdk>

On Thu, Sep 15, 2016 at 6:43 AM, Radia Perlman <radiaperlman@gmail.com>
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
Document editors and WG chairs should treat these comments just like any
other last call comments.

I previously reviewed versions 6 and 10, and all my comments are addressed
in this version (17). The secdir assignment was for version 14, but the
latest version seems to be 17, so that is the one that I reviewed.

Nothing substantive, certainly no security issues, and it's ready for

I do have a few super-minor typos in this version (17). Apologies for the
weird formatting of my comments below. Perhaps it's gmail, that when I
cut-and-paste from the document, makes weird boxes, so please ignore the
boxes.  If gmail is just putting boxes in while I type in my comments, just
to annoy me, and they don't appear in the sent email, then ignore the
non-boxes I'm complaining about.  Anyway, here are my comments:

There seems to be a cut-and-paste error here:

"The optional insecure transport can only be used restricted set of
publically data available (events or information)"

Perhaps it should be "The optional insecure transport can only be used when
accessing publically available data (events or information)".

Not exactly sure what you'd like it to be...but there does seem to be at
least a missing word in the text from the document.

And as long as I'm noticing extremely minor editorial things during reread:

"The first application is a weekly configuration application
   that uses the I2RS protocol to change configurations.  The second
   application is an application that allows operators to makes
   emergency changes to routers in the network"

In the first sentence I'd probably say "periodic" instead of "weekly".

The second sentence should be "to make" instead of "to makes".

Another super-minor typo: "A variety of forms of managemen" is missing
the letter "t" in "management".