[secdir] Secdir Last Call assignment: draft-ietf-regext-change-poll
"Valery Smyslov" <valery@smyslov.net> Mon, 29 October 2018 13:36 UTC
Return-Path: <valery@smyslov.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51BFF130F26; Mon, 29 Oct 2018 06:36:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Level:
X-Spam-Status: No, score=-0.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=1.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=smyslov.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G0yUFrCOxJSF; Mon, 29 Oct 2018 06:36:07 -0700 (PDT)
Received: from direct.host-care.com (direct.host-care.com [198.136.54.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8618E130F23; Mon, 29 Oct 2018 06:35:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=smyslov.net ; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID :Date:Subject:Cc:To:From:Sender:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Ho1DXOGzzVGRY8CkU1hgeqU9Trc30QhmfSGtcKzrVcE=; b=JztMPpEtal5L0FL712JHHDREXQ uVwwtG+5Cc1asm926i2zz4zvddzggG5EVFrFghKsoFrat1f7VCbytVmIE2PBm+Noqzj+SIGMG0Y/S 7dVtXDOtlcbWrsGZGC6zyLEDxWW/dhEPtLMpGlOha27FuWGwPMxn7EUeZL3UkzWmz3gJWoS52Y6UT wKM3afEgMh2Kxy1T6HN+TFIKWcxv8zh2LMwex1rQVRiS9fG9fe3W6L8D0NhXzxqYgaOVfcrdl3ge+ Sje9MkZfrq2MBZyA1PwaFT/7cugUi3Plfh7QR4asNz4LgLl2dVwdYEI6VjmWcAsnE8H5LdscBAm0x VhMtp6ug==;
Received: from [82.138.51.4] (port=49366 helo=buildpc) by direct.host-care.com with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256) (Exim 4.91) (envelope-from <valery@smyslov.net>) id 1gH7hk-0007OW-Pd; Mon, 29 Oct 2018 09:35:41 -0400
From: Valery Smyslov <valery@smyslov.net>
To: secdir@ietf.org
Cc: draft-ietf-regext-change-poll.all@ietf.org, regext@ietf.org, ietf@ietf.org
Date: Mon, 29 Oct 2018 16:35:22 +0300
Message-ID: <04a001d46f8c$3fd204e0$bf760ea0$@smyslov.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Content-Language: ru
Thread-Index: AdRvXnGNFd6CotSYRDG5mWUsUy7B6w==
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - direct.host-care.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - smyslov.net
X-Get-Message-Sender-Via: direct.host-care.com: authenticated_id: valery@smyslov.net
X-Authenticated-Sender: direct.host-care.com: valery@smyslov.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/r4itwmqnIkOLvH9X70A17WGaqZM>
Subject: [secdir] Secdir Last Call assignment: draft-ietf-regext-change-poll
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Oct 2018 13:36:09 -0000
Reviewer: Valery Smyslov Review result: Ready with Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft defines an extension for an Extensible Provisioning Protocol (EPP, RFC 5730) that allows servers to notify clients about operations which were not initiated by clients, but which modify state of client-sponsored objects. The extension is defined using standard EPP mechanism for adding extensions, so Security Considerations from RFC 5730 are applied and no new ones are added. Keeping long message queues consume server resources and can potentially be a surface for DoS attack, however as far as I understand unauthorized entities cannot cause server to perform actions resulted in operations on other clients' objects, so it seems that it is not a security issue here. Nevertheless adding a few words that it is not a security issue would be helpful. General comment not related to security. It seems to me that the protocol description is inconsistent. The Introduction Section states, that this extension only extends the response to the EPP <poll> command. However, Section 3 of this specification, which describes the EPP Command Mapping, extends only the response to the EPP <info> command with poll message, and the <poll> command is not mentioned there at all. I'm not familiar with the EPP protocol, but I believe that <info> and <poll> are different commands, so unless I've missed something, it seems that the protocol description is inconsistent (or incomplete). Since it is not related to security, I think the document is Ready (from security perspective), but this inconsistency must either be fixed or some clarification be provided.
- [secdir] Secdir Last Call assignment: draft-ietf-… Valery Smyslov
- Re: [secdir] Secdir Last Call assignment: draft-i… Gould, James
- Re: [secdir] Secdir Last Call assignment: draft-i… Valery Smyslov