Re: [secdir] secdir review of draft-ietf-decade-problem-statement-05

Songhaibin <haibin.song@huawei.com> Thu, 22 March 2012 11:42 UTC

From: Songhaibin <haibin.song@huawei.com>
To: Leif Johansson <leifj@sunet.se>
Date: Thu, 22 Mar 2012 11:40:45 +0000
Cc: "secdir@ietf.org" <secdir@ietf.org>, "Woundy, Richard" <Richard_Woundy@cable.comcast.com>, "draft-ietf-decade-problem-statement.all@tools.ietf.org" <draft-ietf-decade-problem-statement.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-decade-problem-statement-05

Hi Leif,

I am not saying your suggestion is wrong. Instead, I think your comment is very reasonable. I am saying that this is the problem statement draft. I admit we are going to dig a little deeper into the potential threats in our context (without an architecture as the basis), but these threats are not going to be solved here; they will be considered when designing the architecture document.

BR,
-Haibin

> -----Original Message-----
> From: Leif Johansson [mailto:leifj@sunet.se]
> Sent: Thursday, March 22, 2012 6:37 PM
> To: Songhaibin
> Cc: draft-ietf-decade-problem-statement.all@tools.ietf.org; iesg@ietf.org;
> secdir@ietf.org
> Subject: Re: secdir review of draft-ietf-decade-problem-statement-05
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 03/22/2012 08:44 AM, Songhaibin wrote:
> > Thank you Leif,
> >
> >> My main problem with the draft is that the Security
> >> Considerations Section is weak. I would have liked a more
> >> in-depth analysis of the enumerated threats in the context of
> >> decade. For instance the privacy aspects of using in-network
> >> storage for P2P networks is only covered briefly as part of a
> >> discussion on traffic analysis.
> >
> > Because many of the security threats are not very special compared
> > to other client-server interactions, we did not give much
> > analysis there, but only quote the potential threats here. But we
> > will try to think a little deeper.
> >
> 
> I think that's where we disagree. My argument is that since some of
> the architecture is invalidated by common solutions to the usual
> threat vectors (e.g. e2e encryption).
> 
> 	Cheers Leif
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAk9rAMYACgkQ8Jx8FtbMZndKTQCfRPosiDyR8qVxzVv5mxOCZybE
> 7ggAnjrKN/BC5ZL5F5I/5griYLcwnTa/
> =dAdC
> -----END PGP SIGNATURE-----