[secdir] Secdir review of draft-ietf-taps-transports-11

"Paul Hoffman" <paul.hoffman@vpnc.org> Sat, 10 September 2016 23:47 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1D1012B1B2; Sat, 10 Sep 2016 16:47:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 927lSfFwLX6B; Sat, 10 Sep 2016 16:47:08 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC7B8126579; Sat, 10 Sep 2016 16:47:07 -0700 (PDT)
Received: from [10.32.60.33] (50-1-99-230.dsl.dynamic.fusionbroadband.com [50.1.99.230]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id u8ANl39k026584 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 10 Sep 2016 16:47:04 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-99-230.dsl.dynamic.fusionbroadband.com [50.1.99.230] claimed to be [10.32.60.33]
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: secdir <secdir@ietf.org>
Date: Sat, 10 Sep 2016 16:47:03 -0700
Message-ID: <26279EC7-C98E-4BED-8205-46C21D4DA370@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/jgQCqY1DQJ-W8wMIFcN1D_E8JTU>
Cc: draft-ietf-taps-transports.all@ietf.org
Subject: [secdir] Secdir review of draft-ietf-taps-transports-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Sep 2016 23:47:08 -0000

Greetings. draft-ietf-taps-transports, "Services provided by IETF 
transport protocols and congestion control mechanisms", is an 
informational overview of a large number of transport protocols. It does 
not change any of the protocols, just compares them.

The Security Considerations section says "This document does not specify 
any new features or mechanisms for providing these features", which is 
appropriate and correct. In addition, Section 5, which collects some of 
the comparisons of features, lists security features and says which of 
the transport protocols support them. In that list, it says that replay 
protection is offered by FLUTE/ALC and DTLS, but does not list TLS. That 
seems like an oversight because DTLS and TLS offer similar replay 
semantics. (The rest of the list seems sensible.)

--Paul Hoffman