[secdir] SecDir review of draft-ietf-ccamp-assoc-info-03

Yoav Nir <ynir@checkpoint.com> Sun, 13 May 2012 06:46 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: "ietf@ietf.org list" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-ccamp-assoc-info@tools.ietf.org" <draft-ietf-ccamp-assoc-info@tools.ietf.org>
Date: Sun, 13 May 2012 09:46:39 +0300
Thread-Topic: SecDir review of draft-ietf-ccamp-assoc-info-03
Thread-Index: Ac0w1CH59UUTwht/T5yyQqZVlWAu/w==
Message-ID: <329567CB-2EC4-4D9A-8E52-5D9D22C24417@checkpoint.com>
Subject: [secdir] SecDir review of draft-ietf-ccamp-assoc-info-03

Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The document does not define any new procedures or mechanisms, and mentions this fact three times throughout the document. It formalizes an email by Adrian Farrel clarifying the procedures for processing an ASSOCIATION object on a path message.

The security considerations section repeats that the document does not define new procedures, and concludes that no security considerations are added. This is not a valid deduction, as clarification often involves prohibiting non-functional or insecure interpretation of the original document text. However, in this case the clarification is not about such insecure configurations, so the document is fine.

One textual comment, though: section 2.2 near the bottom of page #5 lists 3 possible values for association ID. The second option is "The LSP ID of the LSP protecting an LSP". This is not clear. I suggest rewording as "The LSP ID of the protecting LSP" without an indefinite "an LSP".

Yoav