[secdir] Secdir review of draft-ietf-i2rs-traceability

Watson Ladd <watsonbladd@gmail.com> Sat, 30 April 2016 14:26 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B215612D13B; Sat, 30 Apr 2016 07:26:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5cH05N5Yak4F; Sat, 30 Apr 2016 07:26:12 -0700 (PDT)
Received: from mail-vk0-x236.google.com (mail-vk0-x236.google.com [IPv6:2607:f8b0:400c:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33BAC12D107; Sat, 30 Apr 2016 07:26:08 -0700 (PDT)
Received: by mail-vk0-x236.google.com with SMTP id m188so20840171vka.1; Sat, 30 Apr 2016 07:26:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to; bh=F0ecc1gGXJnOnvELC6MxFvlL91Dmdbzo3YNq9krfNBg=; b=PrgXrain7rRTPNqN1Z13kJFJlhGRP5CUVs0tMPc2cASPapOCd7xO+nd5iVcZHMUSJr cv+HQwsNyBE5Oy0ocWLCpYSpvo6wZ8lza9J1e/LvmBS7Aj12KnqIugyR69cdQ5f+qdLE Qsu/bUdwaRJl+ZN817Tu28wJ9FolR6vIudXv9bcLAuWUB3i97tgU/mX2T6z2XWEBYBuy adxnCPiSOFcf4bNPRNls3FYDTWhjwMSHETaF83YGIaBHhPvLm/SX3L6Gib6ehgItqEia UfnM2kvvE2XDVOJwcXlybzDEMHkEYr3Dj3LJb4S8fAGLSm/DvMejDwmRMJDaX2x6m0dn RS9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=F0ecc1gGXJnOnvELC6MxFvlL91Dmdbzo3YNq9krfNBg=; b=FPaLWlx63QXRRT03OGKjTH4vIodcafzGoLPzc5H31tow7QttAycAG3OItk0+84lH5g D8gVCk6zn39AvhqoI+53ri0PaS6+pL70fBk8TcHfpi4bqZFY3E9xPo2uqnk8Jvuq894l XQtynF/vHWpTvPAj5x0WSz5z+Uv9znHBoaY4U81/z7FNV4E4avcjQPkvAeZcufgaWD+H mbaOIC4Bs5jXEJxn2tEL5DK4JljatbtlBIFCk8gfRGUhuct+yk+0PRbnMEv/QrpUbi9G +xj1rwuG/wySZ5Ts5eVoS8O7ONzB4QGd0vQYcwNWVRUquA7VOiWClDuPKMiX5cD4cFF2 4hbg==
X-Gm-Message-State: AOPr4FWJumKHitNzbvaMnAztlcDXR7Ny7ZlLtP4VuHfB4i3M5Uus1EmPSoVOI00uN3K960PP8xWJUNL/oMCHXA==
MIME-Version: 1.0
X-Received: by 10.31.58.80 with SMTP id h77mr2350009vka.149.1462026367994; Sat, 30 Apr 2016 07:26:07 -0700 (PDT)
Received: by 10.176.64.68 with HTTP; Sat, 30 Apr 2016 07:26:07 -0700 (PDT)
Date: Sat, 30 Apr 2016 07:26:07 -0700
Message-ID: <CACsn0cnKf+vJtooh76B+Fnb8R5fjR8rPTFC1PzeghdpxcoqsdQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: secdir@ietf.org, "<iesg@ietf.org>" <iesg@ietf.org>, draft-ietf-i2rs-traceability.all@ietf.org
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/iOX-5JaOQgZdzCw1VWyaD3jVKk8>
Subject: [secdir] Secdir review of draft-ietf-i2rs-traceability
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Apr 2016 14:26:13 -0000

Dear all,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

In my opinion the document is ready. It describes what data should be logged.

While the security considerations section mentions the privacy impact
of the data in the logs, it doesn't mention the value of the
information in the logs for event reconstruction, which is mentioned
in the text. I don't see a lot of space for problems here, but maybe I
didn't see them.

Sincerely,
Watson Ladd