Re: [secdir] SECDIR review of draft-giralt-schac-ns-04
Victoriano Giralt <victoriano@uma.es> Wed, 18 May 2011 14:57 UTC
Message-ID: <4DD3DE43.7030103@uma.es>
Date: Wed, 18 May 2011 16:57:07 +0200
From: Victoriano Giralt <victoriano@uma.es>
To: Chris Lonvick <clonvick@cisco.com>
References: <Pine.GSO.4.63.1103071325020.14767@sjc-cde-011.cisco.com>
In-Reply-To: <Pine.GSO.4.63.1103071325020.14767@sjc-cde-011.cisco.com>
Cc: draft-giralt-schac-ns.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org

On 7/3/11 22:46, Chris Lonvick wrote:

> The only security concern I have is that the registration URN is not yet
> active and that it is limited to HTTPS. While I think it is still going
> to take some time for this ID to become an RFC, I'd just like to see the
> web site set up sooner rather than later so the kinks may be ironed out.

This has been a long time on the writing queue, but I wanted to iron out
all kinks.

> Beyond that, I think that it would be better to state that it will always
> be a "secure web site" which will offer credentials signed by such-n-such,
> and will require the latest secure methods for accessing a web site; that
> currently being http [reference] with the latest TLS transport
> [reference]. My issue with this is that "https" can still reference SSLv2
> and I don't think that's the intent of the statement in this ID.
>
> I don't have any concerns about the Security Considerations section other
> than the statement about using "HTTPS" as noted above.

I totally agree with you. SSLv2 is a no-no. I had not properly grasped
the meaning of your comment and started to think about a domain expert
that could help me to address your concerns. With the present formulation
I have fully understood your concern, thanks for enlightening this old
web dinosaur.

> The terms TERENA and TF-EMC2 are used without first defining them. Maybe
> some changes in Section 1.

Addressed

> I think that the second paragraph of the Abstract could use some
> polishing.

Polished

> CML> I see that this paragraph is been duplicated into the Introduction.
> I don't think that's necessary.

Removed from the intro.

> In Section 4, the word "Anyhow" is ambiguous. I'd suggest replacing it
> with a more definite word such as "Regardless", or with the term "In any
> case".

You are right. I've gone for "In any case".

> In Section 5, the term "NREN" is not defined before it is used. I'd
> suggest:

That was changed after other reviewer's comments.

> CML> I see that this version does use the term "National Research and
> Education Network" but it's not associated with the acronym.

I hope the acronym is now associated.

> In the third paragraph of Section 5, remove the term "as soon as
> practical". ...just get it done. :-)

Done. It was suffering the "we have a lot of work, will take care of this
once the namespace is granted" syndrome. It is up, though not running in
full swing.

> Could you add a URL to reference [4]?
>
> CML> Could you also add a URL for reference [5]?

I swear all references have URLs in the XML version, the xml2rfc tool eats
those references when doing the transformation. They are not had inserted
again.

> Best regards,
> Chris

Thank you very much,
Victoriano.

--
Victoriano Giralt
Systems Manager
Central ICT Services
University of Malaga
SPAIN
-
A: Yes.
>
> Q: Are you sure ?
>>
>> A: Because it reverses the logical flow of conversation.
>>>
>>> Q: Why is top posting annoying in email ?