Re: [secdir] Secdir review of draft-ietf-geopriv-uncertainty-03

"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Sat, 11 October 2014 04:27 UTC

Return-Path: <takeshi_takahashi@nict.go.jp>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23E461A1A8F; Fri, 10 Oct 2014 21:27:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.178
X-Spam-Level:
X-Spam-Status: No, score=-0.178 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2miQ-zCe76SZ; Fri, 10 Oct 2014 21:27:15 -0700 (PDT)
Received: from ns1.nict.go.jp (ns1.nict.go.jp [IPv6:2001:df0:232:300::1]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 061331A1A76; Fri, 10 Oct 2014 21:27:13 -0700 (PDT)
Received: from gw1.nict.go.jp (gw1 [133.243.18.250]) by ns1.nict.go.jp with ESMTP id s9B4R5kp010921; Sat, 11 Oct 2014 13:27:05 +0900 (JST)
Received: from TakeVaioVJP13 (ssh.nict.go.jp [133.243.3.49]) by gw1.nict.go.jp with ESMTP id s9B4R0fn002270; Sat, 11 Oct 2014 13:27:00 +0900 (JST)
From: "Takeshi Takahashi" <takeshi_takahashi@nict.go.jp>
To: "'Kathleen Moriarty'" <kathleen.moriarty.ietf@gmail.com>
References: <0e2601cfe210$7a2da6c0$6e88f440$@nict.go.jp> <CABkgnnWzYoXGqK1wCtCRxdGqa=7WZuGHOG3DZhsGo11F_Eqn9Q@mail.gmail.com> <002101cfe293$0cd79a80$2686cf80$@nict.go.jp> <AFBD5392-FB3D-42B6-A12F-839DA9506DB9@gmail.com>
In-Reply-To: <AFBD5392-FB3D-42B6-A12F-839DA9506DB9@gmail.com>
Date: Sat, 11 Oct 2014 13:28:45 +0900
Message-ID: <000001cfe50b$d84fc0a0$88ef41e0$@nict.go.jp>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0001_01CFE557.483B3930"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQImlKRxqlvRmyoUUTkIhML2uiQ9NALqS5aaAmYoU00A7XZCr5tK/aKw
Content-Language: ja
X-Virus-Scanned: clamav-milter 0.97.8 at zenith1
X-Virus-Status: Clean
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/peARidwXO_uz3KFKZhgl_SCrLRo
Cc: geopriv-chairs@tools.ietf.org, draft-ietf-geopriv-uncertainty.all@tools.ietf.org, 'Martin Thomson' <martin.thomson@gmail.com>, 'The IESG' <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-geopriv-uncertainty-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Oct 2014 04:27:19 -0000

Hi Kathleen,

I think the schema is fine.

Here is the justification.
I've run a validator, called MSV, to check the validity of the confidence
schema mentioned in section 7.
The attached xsd file is the confidence schema, and the attached bmp file is
the result of the validation produced by the MSV validator.
Though the validation result is written in Japanese, it basically says that
the MSV validator could not find any problem.

Kind regards,
Take


-----Original Message-----
From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com] 
Sent: Saturday, October 11, 2014 10:58 AM
To: Takeshi Takahashi
Cc: Martin Thomson; geopriv-chairs@tools.ietf.org; secdir@ietf.org; The
IESG; draft-ietf-geopriv-uncertainty.all@tools.ietf.org
Subject: Re: Secdir review of draft-ietf-geopriv-uncertainty-03

Hi Take,

Can you do me a favor and validate the schema in section 7?  I'll do this as
well, but am on travel and don't have all the tools I need.

We may need to get new XML schema experts listed.  I'm one of them, but just
for IODEF and the others are not available so far.  I know you have the
expertise as well, it's a short schema (that I think looks good without
tools) and should not take much time.

The apps ADs may appoint someone, but in the meantime, this may help us
progress this draft.

Thanks for your SecDir review and the level of detail in your review.  It's
helpful.

Best regards,
Kathleen

Sent from my iPhone

> On Oct 7, 2014, at 5:59 PM, "Takeshi Takahashi"
<takeshi_takahashi@nict.go.jp> wrote:
> 
> Hello Martin,
> 
> I see, thank you for the clarification.
> 
> Kind regards,
> Take
> 
> -----Original Message-----
> From: Martin Thomson [mailto:martin.thomson@gmail.com]
> Sent: Wednesday, October 8, 2014 6:19 AM
> To: Takeshi Takahashi
> Cc: draft-ietf-geopriv-uncertainty.all@tools.ietf.org; 
> geopriv-chairs@tools.ietf.org; The IESG; secdir@ietf.org
> Subject: Re: Secdir review of draft-ietf-geopriv-uncertainty-03
> 
> Thanks for the review,
> 
> The draft is, as you note, in two pieces.  However, when I took this to
the working group in two parts, the overwhelming consensus there was to
merge the documents.  As a result, it becomes standards track with large
informational sections.  The normative parts are small, and so the use of
2119 language is also restricted.
> 
> As for your concerns about security, the general issue of altering parts
of an object is only a concern if you have partial integrity mechanisms.
The security considerations of RFC 4119 cover a lot of that (the use of
S/MIME for confidentiality and integrity, for instance).
> 
>> On 7 October 2014 02:24, Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
wrote:
>> Hello,
>> 
>> I have reviewed current version of this document as part of the 
>> security directorate's ongoing effort to review all IETF documents 
>> being processed by the IESG.  These comments were written primarily 
>> for the benefit of the security area directors.  Document editors and 
>> WG chairs should treat these comments just like any other last call
comments.
>> 
>> This draft provides lots of information on how to handle uncertainty 
>> and confidence.
>> It also defines a schema for describing confidence information.
>> 
>> I believe this document is very helpful for readers.
>> It outlines assorted techniques in a very clear way.
>> 
>> I think this draft is almost ready, but I have clarification 
>> questions as follows.
>> 
>> 
>> 1. standards track (std), or informational?
>> 
>> I am not sure what would be the criteria for being a std RFC, but I 
>> feel like that this draft talks as if it is an informational draft.
>> I do not mean that I object to make it as a std rfc, but 
>> clarification is appreciated.
>> 
>> A std RFC specifies the interfaces that communication parties need to 
>> follow, IMHO.
>> The RFC 3863 and 5139 is std RFCs since they define data 
>> format/schema each communication party needs to follow.
>> The RFC 3693, which this draft is updating, is an informational RFC 
>> and provides lots of useful knowledge, but it does not force anything 
>> to communication parties.
>> How is the case of this draft?
>> 
>> I know that the draft specifies a schema for the confidence 
>> information, but I feel like this is rather smaller part of the 
>> issues discussed in this draft.
>> It talks about schemes to handle uncertainty, but it does not define 
>> a single scheme to handle uncertainty. (It outlines several 
>> techniques, but implementers need to consider which techniques to 
>> use, and they can implement different techniques, IMHO.)
>> 
>> To sum up, I would appreciate if you could clarify why the draft is 
>> in the std rfc.
>> 
>> 
>> 
>> 2. why this document is not split into two documents?
>> 
>> This is related to the issue 1.
>> 
>> Here are my understanding of the sections.
>> Section 7 defines the confidence schema.
>> I understood that this document normatively defines this schema and 
>> implementers need to follow this schema.
>> On the other hand, sections 2 - 5 provides helpful information, but 
>> the draft does not mandate implementers to do anything.
>> I have understood that implementers can use arbitrary techniques 
>> (including the techniques introduced in this document) to handle
uncertainty.
>> 
>> I wonder whether it would have been easier to have separate drafts 
>> for the issues; i.e., the content described in section 7 goes to std 
>> RFC while the rest goes to another informational rfc.
>> 
>> 
>> 
>> 3. content in sections 2-5
>> 
>> Thank you for your elaboration.
>> This is very helpful to get knowledge on the uncertainty manipulation.
>> 
>> If this document goes to a std RFC, I would expect to see sentences 
>> such as "SHOULD/MUST/is recommended to use the techniques to handle 
>> uncertainty", in these sections.
>> 
>> 
>> 
>> 4. security considerations
>> 
>> If the confidence information is maliciously altered, does it cause 
>> trouble to the information receiver?
>> (I think the RFC 4119 (and RFC 3694) does not address the need to 
>> protect confidence information.)
>> 
>> Information sender sents a location information with high confidence 
>> value, but the information receiver received the information with 
>> falsified low confidence value.
>> I guess this could hinder some decision making of the information 
>> receiver in some case.
>> 
>> So, I think it would be safer to say something like that we should 
>> implement schemes to protect the values that is defined outside the 
>> scope of this draft, etc.
>> 
>> 
>> 
>> Kind regards,
>> Take
>> 
>> 
>> ---
>> Takeshi Takahashi, Ph.D.,
>> Senior Researcher at the National Institute of Information and 
>> Communications Technology, Japan takeshi_takahashi@nict.go.jp
>