Re: [secdir] SECDIR review of draft-giralt-schac-ns-04

Victoriano Giralt <> Wed, 18 May 2011 14:57 UTC


On 7/3/11 22:46, Chris Lonvick wrote:
> The only security concern I have is that the registration URN is not yet
> active and that it is limited to HTTPS.  While I think it is still going
> to take some time for this ID to become an RFC, I'd just like to see the
> web site set up sooner rather than later so the kinks may be ironed out.
This has been a long time on the writing queue, but I wanted to iron out
all kinks.

> Beyond that, I think that it would be better to state that it will always
> be a "secure web site" which will offer credentials signed by such-n-such,
> and will require the latest secure methods for accessing a web site; that
> currently being http [reference] with the latest TLS transport
> [reference].  My issue with this is that "https" can still reference SSLv2
> and I don't think that's the intent of the statement in this ID.
> I don't have any concerns about the Security Considerations section other
> than the statement about using "HTTPS" as noted above.
I totally agree with you. SSLv2 is a no-no. I had not properly grasped
the meaning of your comment and started to think about a domain expert
that could help me to address your concerns. With the present
formulation I have fully understood your concern, thanks for
enlightening this old web dinosaur.

> The terms TERENA and TF-EMC2 are used without first defining them.  Maybe
> some changes in Section 1.

> I think that the second paragraph of the Abstract could use some
> polishing.

> CML> I see that this paragraph has been duplicated into the Introduction.
> I don't think that's necessary.
Removed from the intro.

> In Section 4, the word "Anyhow" is ambiguous.  I'd suggest replacing it
> with a more definite word such as "Regardless", or with the term "In any
> case".
You are right. I've gone for "In any case".

> In Section 5, the term "NREN" is not defined before it is used.  I'd
> suggest:
That was changed after other reviewer's comments.

> CML> I see that this version does use the term "National Research and
> Education Network" but it's not associated with the acronym.
I hope the acronym is now associated.

> In the third paragraph of Section 5, remove the term "as soon as
> practical".  ...just get it done.  :-)
Done. It was suffering the "we have a lot of work, will take care of
this once the namespace is granted" syndrome. It is up, though not
running in full swing.

> Could you add a URL to reference [4]?
> CML> Could you also add a URL for reference [5]?
I swear all references have URLs in the XML version; the xml2rfc tool
eats those references when doing the transformation. They are not had
inserted again.

> Best regards,
> Chris
Thank you very much, Victoriano.

-- 
Victoriano Giralt
Systems Manager
Central ICT Services
University of Malaga

A: Yes.
> Q: Are you sure ?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email ?
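
Added example, not part of the original message or of the draft: the review's point that an "https" URL by itself does not rule out SSLv2, shown from the client side with Python's standard ssl module. The TLS 1.2 floor and all function names here are assumptions chosen for illustration.

```python
import ssl

# Order of the strings SSLSocket.version() can report, oldest first.
PROTOCOL_ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def registry_client_context(floor=ssl.TLSVersion.TLSv1_2):
    """Client context for an https:// registry with an explicit protocol floor."""
    ctx = ssl.create_default_context()   # certificate and hostname checks on
    ctx.minimum_version = floor          # handshakes below the floor fail
    return ctx

def audit_context(ctx, floor=ssl.TLSVersion.TLSv1_2):
    """Return a list of reasons why ctx is weaker than the stated policy."""
    findings = []
    if ctx.minimum_version < floor:
        findings.append("protocol floor %s is below %s"
                        % (ctx.minimum_version.name, floor.name))
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings

def negotiated_ok(version, floor="TLSv1.2"):
    """Check the string from SSLSocket.version() after a handshake."""
    if version not in PROTOCOL_ORDER:     # None or unknown: treat as failure
        return False
    return PROTOCOL_ORDER.index(version) >= PROTOCOL_ORDER.index(floor)

if __name__ == "__main__":
    good = registry_client_context()
    print("hardened:", audit_context(good) or "no findings")
    lax = registry_client_context()
    lax.check_hostname = False            # constructed weak settings
    lax.verify_mode = ssl.CERT_NONE
    print("lax:", audit_context(lax))
    for v in ("SSLv2", "TLSv1", "TLSv1.2", "TLSv1.3", None):
        print(v, "->", negotiated_ok(v))
```

The URL scheme never enters the check; only the context's floor and the negotiated version string do, which is why the policy text has to name the protocol version rather than just "HTTPS".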