Re: [secdir] secdir review of draft-ietf-nea-pt-eap-06

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Sat, 12 January 2013 15:23 UTC

Return-Path: <ncamwing@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED94F21F870A; Sat, 12 Jan 2013 07:23:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09UYCLfUbnwc; Sat, 12 Jan 2013 07:23:43 -0800 (PST)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) by ietfa.amsl.com (Postfix) with ESMTP id E2C1021F8707; Sat, 12 Jan 2013 07:23:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=972; q=dns/txt; s=iport; t=1358004222; x=1359213822; h=from:to:subject:date:message-id:in-reply-to:content-id: content-transfer-encoding:mime-version; bh=gmU7maBtATuVB2AbqwWzmmVaOoH3jvKyn8fnZj3uAfE=; b=j21Yehd8Pz2YVsa7h8eVpSIW7kRjo9nT+NHhxlLZOsOxixkx3yZbRngK 3OE/EpfvUqF75HppEWOArBNC+6Q7w7BYE8z48+N0qRHrERcBBwO2g/OMG YSeHJYEKPS7WA51Slc02B+KNHyj7hvBJNtMR7ZpUX7FzeAyE6/a0VwHIX Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av4EAEx/8VCtJXG9/2dsb2JhbABFvg8Wc4IgAQQ6UQEIIhRCJQIEARIIiBG1OpBNYQOmVIJ1giQ
X-IronPort-AV: E=Sophos;i="4.84,458,1355097600"; d="scan'208";a="161704407"
Received: from rcdn-core2-2.cisco.com ([173.37.113.189]) by rcdn-iport-5.cisco.com with ESMTP; 12 Jan 2013 15:23:41 +0000
Received: from xhc-rcd-x11.cisco.com (xhc-rcd-x11.cisco.com [173.37.183.85]) by rcdn-core2-2.cisco.com (8.14.5/8.14.5) with ESMTP id r0CFNfdg023818 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sat, 12 Jan 2013 15:23:41 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.197]) by xhc-rcd-x11.cisco.com ([173.37.183.85]) with mapi id 14.02.0318.004; Sat, 12 Jan 2013 09:23:41 -0600
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: Leif Johansson <leifj@sunet.se>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-nea-pt-eap.all@tools.ietf.org" <draft-ietf-nea-pt-eap.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Thread-Topic: secdir review of draft-ietf-nea-pt-eap-06
Thread-Index: AQHN7NSAhWJul+LVc0GKYm4QR11Ah5hFtmeA
Date: Sat, 12 Jan 2013 15:23:41 +0000
Message-ID: <B80278DF1B7C814184086F4A6ECB3115225B4BA2@xmb-aln-x02.cisco.com>
In-Reply-To: <50EAC2B8.3080908@sunet.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.1.120420
x-originating-ip: [10.21.117.120]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <C48893637738024380988C6B0117A345@cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Sun, 13 Jan 2013 08:02:37 -0800
Subject: Re: [secdir] secdir review of draft-ietf-nea-pt-eap-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jan 2013 15:23:44 -0000

Hi Leif,

Thanks for your review.  I can make that update to the PT-EAP draft as it
looks like a few more comments are trickling in as well.

Thanks!
  Nancy.

On 1/7/13 4:42 AM, "Leif Johansson" <leifj@sunet.se> wrote:

>I have reviewed this document as part of the security directorate's
>ongoing effort to review all IETF documents being processed by the IESG.
>These comments were written primarily for the benefit of the security
>area directors.  Document editors and WG chairs should treat these
>comments just like any other last call comments.
>
>This document describes a posture transport protocol for EAP tunnel
>methods.
>
>I found the document clearly written and easy to follow.
>
>The only suggestion I have is that in section 3.4 (or 4.2.5) on the Asokan
>Attack the document should clearly state that the verification of the
>channel
>token MUST be performed before any other attestations are evaluated.
>
>        Cheers Leif