[secdir] secdir review for draft-ietf-ipsecme-ad-vpn-problem-07

Carl Wallace <carl@redhoundsoftware.com> Thu, 20 June 2013 11:26 UTC

Date: Thu, 20 Jun 2013 07:26:06 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-ipsecme-ad-vpn-problem.all@tools.ietf.org
Message-ID: <CDE85F0E.45BF3%carl@redhoundsoftware.com>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments
just like any other last call comments.
This document describes the problem of enabling a large number of systems
to communicate directly using IPsec and defines requirements for
prospective solutions.  As a problem statement, it does not introduce any
new security concerns.  I have no new use cases, requirements or security
concerns to contribute.  I had one minor nit.  The use cases specifically
call out a need for an authentication mechanism.  The requirements do not
(other than implicitly through requirement 5).