[secdir] Review of draft-ietf-core-groupcomm-21
Shawn M Emery <shawn.emery@oracle.com> Sat, 09 August 2014 02:24 UTC
To: secdir@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/jtvAS-y4SoIBB0dhTqeRfQMl9aE
Cc: draft-ietf-core-groupcomm.all@tools.ietf.org

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This informational draft provides guidance on CoAP (Constrained Application Protocol) communication when using multiple recipients (i.e. multicast).

The security considerations section does exist and does disclose that CoAP group communication (i.e. multicast transmissions) does lack a security mode and references RFC 7252 for the various attacks. CoAP relies upon DTLS, which does not currently have a standardized solution for multicast communication. The draft goes on to state the various threats and how to mitigate against said attacks. It discusses possible future methods to protect multicast transmissions, such as draft-keoh-dice-multicast-security. The security considerations section does also have a separate section on pervasive monitoring, which I thought was a good idea, but not just for this draft...

General comments:

None.

Editorial comments:

Please expand the first occurrence of CoAP, unless it's in the common abbreviations list.

Shawn.