[secdir] secdir review of draft-ietf-intarea-nat-reveal-analysis-05

"Scott G. Kelly" <scott@hyperthought.com> Fri, 08 March 2013 00:03 UTC

Return-Path: <secdir-bounces@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0510021F86BC for <secdir@ietfa.amsl.com>; Thu, 7 Mar 2013 16:03:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.099
X-Spam-Level:
X-Spam-Status: No, score=-5.099 tagged_above=-999 required=5 tests=[AWL=1.500, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B0bH5BaQxFcM for <secdir@ietfa.amsl.com>; Thu, 7 Mar 2013 16:03:37 -0800 (PST)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by ietfa.amsl.com (Postfix) with ESMTP id 61C3421F869E for <secdir@ietf.org>; Thu, 7 Mar 2013 16:03:37 -0800 (PST)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id r2803aSg029829 for <secdir@ietf.org>; Thu, 7 Mar 2013 19:03:36 -0500
Received: from mailhub-dmz-3.mit.edu (MAILHUB-DMZ-3.MIT.EDU [18.9.21.42]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id r2803Y97029826 for <secdir@PCH.mit.edu>; Thu, 7 Mar 2013 19:03:34 -0500
Received: from dmz-mailsec-scanner-1.mit.edu (DMZ-MAILSEC-SCANNER-1.MIT.EDU [18.9.25.12]) by mailhub-dmz-3.mit.edu (8.13.8/8.9.2) with ESMTP id r28031NL015496 for <secdir@mit.edu>; Thu, 7 Mar 2013 19:03:34 -0500
X-AuditID: 1209190c-b7f046d00000094c-54-51392ad6fcc2
Authentication-Results: symauth.service.identifier
Received: from smtp112.iad.emailsrvr.com (smtp112.iad.emailsrvr.com [207.97.245.112]) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id E5.78.02380.6DA29315; Thu, 7 Mar 2013 19:03:34 -0500 (EST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp51.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id B360A20A00; Thu, 7 Mar 2013 19:03:33 -0500 (EST)
X-Virus-Scanned: OK
Received: from legacy13.wa-web.iad1a (legacy13.wa-web.iad1a.rsapps.net [192.168.4.99]) by smtp51.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id 96084209E9; Thu, 7 Mar 2013 19:03:33 -0500 (EST)
Received: from hyperthought.com (localhost.localdomain [127.0.0.1]) by legacy13.wa-web.iad1a (Postfix) with ESMTP id 84C4737040D; Thu, 7 Mar 2013 19:03:33 -0500 (EST)
Received: by apps.rackspace.com (Authenticated sender: scott@hyperthought.com, from: scott@hyperthought.com) with HTTP; Thu, 7 Mar 2013 16:03:33 -0800 (PST)
Date: Thu, 7 Mar 2013 16:03:33 -0800 (PST)
From: "Scott G. Kelly" <scott@hyperthought.com>
To: draft-ietf-intarea-nat-reveal-analysis.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir" <secdir@mit.edu>
MIME-Version: 1.0
Importance: Normal
X-Priority: 3 (Normal)
X-Type: plain
Message-ID: <1362701013.542210453@apps.rackspace.com>
X-Mailer: webmail7.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrEKsWRWlGSWpSXmKPExsVyPvFrge41LctAg1O7+Szanu1mc2D0aDpz lDmAMYrLJiU1J7MstUjfLoEr40/DLaaC05wVh+8eZ2lg/MHexcjJISFgItH/9DQjiM0oYCSx +9wrVoi4mMSFe+vZuhi5OIQE7jFKXJ8wCcrZxCixZ+UfFogqYYnHfUdZIRJnGCW2tZwFGyUk sJpR4tbDJIjEckaJGa2HmEESLAJaEt1bF4IVCQs4S2z7MxMsziagL3Ho8Uw2EFtEoFZixukF YPfxCghKnJz5BGgbOwezgJrEDV2QKLOAtsSyha/BOjkFhCQ6rnbCXT1h3S9mCJtX4sz+T8wQ U0wlfh4+yAgRF5G42vOefQKj6CwkC2bBLZiFZMECRuZVjLIpuVW6uYmZOcWpybrFyYl5ealF uoZ6uZkleqkppZsYgZEgxCnJs4PxzUGlQ4wCHIxKPLwVmywChVgTy4orcw8xSnIwKYnyTlGw DBTiS8pPqcxILM6ILyrNSS0+xCjBwawkwvtbBijHm5JYWZValA+TkuZgURLnvZxy019IID2x JDU7NbUgtQgmy8TBfohRhoNDSYI3FRj7QoJFqempFWmZOSXIajhBBBfIGh6gNUkghbzFBYm5 xZnpEEWnGHU5Zt199IJRiCUvPy9VSpw3AKRIAKQoozQPbhgsqV1ilJUS5mVkYGAQ4gG6BhgI qPKvGMWBASDMGw4yhSczrwRu0yugI5iAjvALtgA5oiQRISXVwDhD48p3tbnfOpVntuVrvb0s t2zCOQflY4Kfdk5xm7eml3cr51RuhYutE74HTTJYnNnh1pTpXKJnNkPkvOJRM2eR/f1S6RWr 3eWurr1TmVXrJhMxT+yG4Tn9S2fEV6tnGNeWFD17cutB+3+PtVeuTdr995Dl+p33m1qvbV1y YsfJxJJ19nuWRi9QYinOSDTUYi4qTgQAMvalTmUDAAA=
X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id r2803Y97029826
X-BeenThere: secdir@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: secdir-bounces@mit.edu
Errors-To: secdir-bounces@mit.edu
Subject: [secdir] secdir review of draft-ietf-intarea-nat-reveal-analysis-05
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Mar 2013 00:03:38 -0000

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

The intended status is Informational. From the abstract, the document describes a collection of solutions to reveal a host identifier (denoted as HOST_ID) when a Carrier Grade NAT (CGN) or application proxies are involved in the path. The document looks at several options for adding an identifier to packets that facilitates source disambiguation by endpoints. 

The document includes a section on privacy considerations, and the security considerations section points out that servers should not rely on HOST_ID for trust decisions, and that admins should be aware of the potential for unwanted information leakage. It also says that  HOST_ID specification documents should elaborate further on threats specific to the particular solution.

I think this pretty well covers it, and I have no concerns with this document.

--Scott



_______________________________________________
secdir mailing list
secdir@mit.edu
https://mailman.mit.edu/mailman/listinfo/secdir