Re: [secdir] Secdir last call review of draft-ietf-regext-unhandled-namespaces

"Gould, James" <jgould@verisign.com> Mon, 22 February 2021 16:41 UTC

To: "TirumaleswarReddy_Konda@McAfee.com" <TirumaleswarReddy_Konda@McAfee.com>, "secdir@ietf.org" <secdir@ietf.org>, "regext@ietf.org" <regext@ietf.org>, "draft-ietf-regext-unhandled-namespaces.all@ietf.org" <draft-ietf-regext-unhandled-namespaces.all@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/mQ692IMNcab3L3XYCCULYBixPOo>

Tiru,


In re-looking at it, it was intended to reference the set of normative EPP RFCs used in the draft, which originally included RFC 5730, 5731, 3915, 5910, and 8590. We moved all of the EPP RFCs 3915, 5910, and 8590 from normative references to informational references because they’re only used in the examples, which leaves the RFC 5730 and 5731 normative references. I believe that the RFC 5731 normative reference can also be made an informational reference, since it’s only used in the examples. If that were to be done, it would only leave RFC 5730, which is the target of the statement in the Security Considerations section. This is a long way of proposing moving RFC 5731 to be informational and removing the second sentence “The security considerations described in these other specifications apply to this specification as well.” from the Security Considerations section, since the first sentence covers RFC 5730 and no other EPP RFCs apply.



Thanks,

--

JG


James Gould
Fellow Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com<http://verisigninc.com/>

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
Date: Sunday, February 21, 2021 at 6:48 AM
To: "secdir@ietf.org" <secdir@ietf.org>, "regext@ietf.org" <regext@ietf.org>, "draft-ietf-regext-unhandled-namespaces.all@ietf.org" <draft-ietf-regext-unhandled-namespaces.all@ietf.org>
Subject: [EXTERNAL] Secdir last call review of draft-ietf-regext-unhandled-namespaces

Reviewer: Tirumaleswar Reddy
Review result: Has nits

This document does not define any new EPP protocol elements; it specifies an operational practice using the existing EPP protocol. It does not discuss any security aspects other than relying on the security considerations in the EPP protocol [RFC5730].

The security considerations described in these other specifications apply to this specification as well.

Comment> What other specifications are you referring to?

-Tiru