Re: [secdir] Secdir review: draft-ietf-ccamp-otn-signal-type-subregistry-03

"Matt Hartley (mhartley)" <mhartley@cisco.com> Thu, 10 March 2016 15:40 UTC

From: "Matt Hartley (mhartley)" <mhartley@cisco.com>
To: Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>, "Zafar Ali (zali)" <zali@cisco.com>, Robert Sparks <rjsparks@nostrum.com>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-ccamp-otn-signal-type-subregistry.all@ietf.org" <draft-ietf-ccamp-otn-signal-type-subregistry.all@ietf.org>, "CCamp-chairs@ietf.org" <CCamp-chairs@ietf.org>
Date: Thu, 10 Mar 2016 15:40:44 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/ojIaYKJsh4OMTn0FGaW5j5zPBe0>
Cc: "Matt Hartley (mhartley)" <mhartley@cisco.com>
Subject: Re: [secdir] Secdir review: draft-ietf-ccamp-otn-signal-type-subregistry-03

That looks good to me!

Cheers

Matt


Hi Zafar,

I would suggest a section similar to RFC7139, as it's the reference for the OTN signal type sub-registry.
What about something like:

This document introduces no new security considerations to the existing GMPLS signaling protocols.  Refer to [RFC7139] for further details of the specific security measures.  Additionally, [RFC5920<http://tools.ietf.org/html/rfc5920>] provides an overview of security vulnerabilities and protection mechanisms for the GMPLS control plane.

Robert, does this address your concern?

BR
Daniele


From: Zafar Ali (zali) [mailto:zali@cisco.com]
Sent: Wednesday, 9 March 2016 00:30
To: Robert Sparks; secdir@ietf.org; iesg@ietf.org; draft-ietf-ccamp-otn-signal-type-subregistry.all@ietf.org
Subject: Re: Secdir review: draft-ietf-ccamp-otn-signal-type-subregistry-03

Hi Robert-

We can add a security section stating "no new consideration is required".

Thanks

Regards ... Zafar

From: Robert Sparks <rjsparks@nostrum.com>
Date: Tuesday, March 8, 2016 at 4:03 PM
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-ccamp-otn-signal-type-subregistry.all@ietf.org" <draft-ietf-ccamp-otn-signal-type-subregistry.all@ietf.org>
Subject: Secdir review: draft-ietf-ccamp-otn-signal-type-subregistry-03


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.



Summary: Almost ready for publication as PS with process nit



This very short draft only changes the registration policy for an existing (sub)registry at IANA - adding "Specification Required" to the current "Standards Action" policy.

It introduces no new security considerations.



It has no security considerations section - the shepherd writeup asserts none is needed.

As far as I recall, that's not true. A short section explicitly saying there are no new considerations is required.