[secdir] secdir review of draft-ietf-appsawg-rfc5451bis

Tobias Gondrom <tobias.gondrom@gondrom.org> Wed, 03 July 2013 12:21 UTC

Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 35D4521F9C19 for <secdir@ietfa.amsl.com>; Wed, 3 Jul 2013 05:21:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -95.361
X-Spam-Status: No, score=-95.361 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id m4+ZKgo58PAY for <secdir@ietfa.amsl.com>; Wed, 3 Jul 2013 05:20:58 -0700 (PDT)
Received: from lvps176-28-13-69.dedicated.hosteurope.de (lvps176-28-13-69.dedicated.hosteurope.de []) by ietfa.amsl.com (Postfix) with ESMTP id 5B36611E8196 for <secdir@ietf.org>; Wed, 3 Jul 2013 05:20:57 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=YeFj8CPO/ElktePTpqaMEQC7cC0aSHnbdXfFAF6urqWnPg5PFjibslzJGcQhEnHSkt51+GRvTkKW+Rwju/LZ1MxCG5OZgF9TZf+04OmjNC8wdtCfM4IEtjndeHVQGhSq; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:X-Enigmail-Version:Content-Type;
Received: (qmail 11832 invoked from network); 3 Jul 2013 14:20:54 +0200
Received: from d1-162-57-143-118-on-nets.com (HELO ? ( by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 3 Jul 2013 14:20:54 +0200
Message-ID: <51D41722.8080900@gondrom.org>
Date: Wed, 03 Jul 2013 20:20:50 +0800
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7
MIME-Version: 1.0
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-appsawg-rfc5451bis.all@tools.ietf.org
X-Enigmail-Version: 1.5.1
Content-Type: multipart/alternative; boundary="------------010805030407070205070605"
Subject: [secdir] secdir review of draft-ietf-appsawg-rfc5451bis
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jul 2013 12:21:06 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments ust like any other last call comments.

This ID is Standards Track and specifies specifies a header field for
use with electronic mail messages to indicate the results of message
authentication efforts.

I believe the security implications have been evaluated sufficiently in
the security considerations sections and think the draft is ok to proceed.

One personal comment IMHO:
the security considerations rely heavily on the established trust
boundary. However in section 1.2 it is declared that "How this trust is
obtained is outside the scope of this document.  It is entirely a local
matter."  So the document itself is ok, but I feel that this "local
matter" of establishing and ensuring this trust is an essential
pre-requisite for a secure system.

Best regards, Tobias