[secdir] Secdir review of draft-ietf-taps-transports-11
"Paul Hoffman" <paul.hoffman@vpnc.org> Sat, 10 September 2016 23:47 UTC
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: secdir <secdir@ietf.org>
Date: Sat, 10 Sep 2016 16:47:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/jgQCqY1DQJ-W8wMIFcN1D_E8JTU>
Cc: draft-ietf-taps-transports.all@ietf.org
Subject: [secdir] Secdir review of draft-ietf-taps-transports-11

Greetings. draft-ietf-taps-transports, "Services provided by IETF transport protocols and congestion control mechanisms", is an informational overview of a large number of transport protocols. It does not change any of the protocols, just compares them.

The Security Considerations section says "This document does not specify any new features or mechanisms for providing these features", which is appropriate and correct.

In addition, Section 5, which collects some of the comparisons of features, lists security features and says which of the transport protocols support them. In that list, it says that replay protection is offered by FLUTE/ALC and DTLS, but does not list TLS. That seems like an oversight because DTLS and TLS offer similar replay semantics. (The rest of the list seems sensible.)

--Paul Hoffman