[secdir] Secdir review of draft-ietf-taps-transports-usage-06

Derrell Piper <derrell.piper@gmail.com> Wed, 06 September 2017 20:12 UTC

From: Derrell Piper <derrell.piper@gmail.com>
Date: Wed, 06 Sep 2017 13:12:46 -0700
Message-ID: <CAHk=RNuiVz9d7WkPXZG4fdJkJmn0751d1SEM=QcsAMAw1qNsHg@mail.gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, The IESG <iesg@ietf.org>
Cc: draft-ietf-taps-transports-usage.all@tools.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/jBVgRvtNYZ4Z9RvCftThTrL6UMg>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

The summary of the review is Ready with Nits.

Since I'm not following TAPS or most of this, I reviewed the ediffs between
-05, -06, -07, and this version -08.  There were no changes from -07, so -06
was the last relevant version.

Radia's comments from her review of -05 were succinct, so I'll just quote
them:

   This informational document contains tutorial information on the use of
   the sockets API to send and receive data over the UDP and UDP-lite
   protocols. It is apparently part of an effort to write tutorial
   descriptions of APIs to all IETF-standardized transport protocols.

   This document refers the reader to the standards for all security
   considerations. That is probably appropriate. It's always difficult to
   decide what information to include and what to exclude in a tutorial.  I
   would have liked an explanation of how the sender knows whether to request
   UDP or UDP-lite, since it doesn't look like UDP-lite would be compatible
   with something that only speaks UDP.

Section 3.4 has been expanded upon presumably to address her second point.
I'm still not sure it gives the reader enough information to choose between
all these things, but it was basically informative, even if it seems to raise
more questions than it answers.

Considering that this document doesn't even reference D/TLS or QUIC, I guess
it's fine for what it is, but I would have preferred more text in the Security
Considerations section and I guess more text overall about when these things
are useful.