[secdir] secdir review of draft-cheshire-dnsext-nbp-09.txt

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Mon, 01 November 2010 09:46 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0ADD03A67B3; Mon, 1 Nov 2010 02:46:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.649
X-Spam-Level:
X-Spam-Status: No, score=-99.649 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HELO_EQ_DE=0.35, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TWpAD-upXWCa; Mon, 1 Nov 2010 02:46:28 -0700 (PDT)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) by core3.amsl.com (Postfix) with ESMTP id 0C4BE3A67E5; Mon, 1 Nov 2010 02:46:28 -0700 (PDT)
Received: from localhost (demetrius4.jacobs-university.de [212.201.44.49]) by hermes.jacobs-university.de (Postfix) with ESMTP id 8D1B6C004A; Mon, 1 Nov 2010 10:46:28 +0100 (CET)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius4.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id apx8iRs+fsEk; Mon, 1 Nov 2010 10:46:27 +0100 (CET)
Received: from elstar.local (elstar.iuhb02.iu-bremen.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 6539FC0051; Mon, 1 Nov 2010 10:46:24 +0100 (CET)
Received: by elstar.local (Postfix, from userid 501) id 49EFE158C311; Mon, 1 Nov 2010 10:46:24 +0100 (CET)
Date: Mon, 1 Nov 2010 10:46:24 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: iesg@ietf.org, secdir@ietf.org, draft-cheshire-dnsext-nbp.all@tools.ietf.org
Message-ID: <20101101094624.GC29846@elstar.local>
Mail-Followup-To: iesg@ietf.org, secdir@ietf.org, draft-cheshire-dnsext-nbp.all@tools.ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: [secdir] secdir review of draft-cheshire-dnsext-nbp-09.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Nov 2010 09:46:29 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The informational draft discusses requirements for a IP replacement of
AppleTalk's Name Binding Protocol (NBP). As an individual submission,
there is likely little value in commenting on the content. However, I
would have appreciated if the authors would have discussed security as
a requirement for an NBP replacement. I know that flexible discovery
is often pretty much as odd with security, having "security measures
appropriate to the environment in which" an NBP replacement "will be
used" could have been an explicit requirement.

Editorial nit:

On page 9, the DNS name "printer1.ietf.org" should probably changed to
"printer1.example.com".

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>