[secdir] Secdir review of draft-ietf-avtcore-monarch-17

Tina TSOU <Tina.Tsou.Zouting@huawei.com> Fri, 03 August 2012 17:43 UTC

Return-Path: <Tina.Tsou.Zouting@huawei.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id CED9521F8DE8; Fri, 3 Aug 2012 10:43:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.983
X-Spam-Status: No, score=-5.983 tagged_above=-999 required=5 tests=[AWL=0.616, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id xqc3XU1ehEiz; Fri, 3 Aug 2012 10:43:13 -0700 (PDT)
Received: from dfwrgout.huawei.com (dfwrgout.huawei.com []) by ietfa.amsl.com (Postfix) with ESMTP id 0539921F8DE7; Fri, 3 Aug 2012 10:43:12 -0700 (PDT)
Received: from (EHLO dfweml202-edg.china.huawei.com) ([]) by dfwrg01-dlp.huawei.com (MOS 4.2.3-GA FastPath) with ESMTP id AIQ99324; Fri, 03 Aug 2012 09:43:12 -0800 (PST)
Received: from DFWEML405-HUB.china.huawei.com ( by dfweml202-edg.china.huawei.com ( with Microsoft SMTP Server (TLS) id 14.1.323.3; Fri, 3 Aug 2012 10:41:26 -0700
Received: from DFWEML513-MBS.china.huawei.com ([]) by dfweml405-hub.china.huawei.com ([]) with mapi id 14.01.0323.003; Fri, 3 Aug 2012 10:41:20 -0700
From: Tina TSOU <Tina.Tsou.Zouting@huawei.com>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-avtcore-monarch@tools.ietf.org" <draft-ietf-avtcore-monarch@tools.ietf.org>
Thread-Topic: Secdir review of draft-ietf-avtcore-monarch-17
Thread-Index: AQHNcZ8wwnHq2FsbBUKLVhmzYnYJXg==
Date: Fri, 3 Aug 2012 17:41:20 +0000
Message-ID: <C0E0A32284495243BDE0AC8A066631A81589262D@dfweml513-mbs.china.huawei.com>
References: <47091871-198D-4C5C-953A-919696F8CAFC@inria.fr>
In-Reply-To: <47091871-198D-4C5C-953A-919696F8CAFC@inria.fr>
Accept-Language: en-US, zh-CN
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Subject: [secdir] Secdir review of draft-ietf-avtcore-monarch-17
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Aug 2012 17:43:14 -0000


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Draft-ietf-avtcore-monarch-17 as a whole provides useful advice. 
There are a number of editorial nits that will be provided to the authors in a separate E-mail.

Unfortunately, the Security Considerations section fails to appreciate both the more nuanced view and the contradiction exhibited by the same section of RFC 3611, to which it refers. On the one hand, the measurements reported in XR blocks could be sensitive and one might wish to provide them with confidentiality. On the other hand, intermediate parties may have legitimate reasons to view the measurements, so that end-to-end encryption is not always desirable.

It would be helpful for this document to discuss the trust models that might be encountered in operation, and how confidentiality and authorized usage could co-exist within these models. Of course, it may be legitimate to conclude that under some circumstances such coexistence may be impossible, and local policy may therefore be either to suppress the measurements or accept the consequences of their disclosure.