[secdir] secdir review of draft-ietf-stox-groupchat-10

Leif Johansson <leifj@sunet.se> Mon, 02 March 2015 18:16 UTC

Return-Path: <leifj@sunet.se>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id F11931A8724; Mon, 2 Mar 2015 10:16:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.238
X-Spam-Status: No, score=0.238 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 2Xhy7dHVh5sv; Mon, 2 Mar 2015 10:16:13 -0800 (PST)
Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 301601A87C9; Mon, 2 Mar 2015 10:16:11 -0800 (PST)
Received: from smtp1.sunet.se (smtp1.sunet.se []) by e-mailfilter01.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id t22IG8mp005362 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 2 Mar 2015 19:16:08 +0100
Received: from kerio.sunet.se (kerio.sunet.se []) by smtp1.sunet.se (8.14.9/8.14.7) with ESMTP id t22IG42j002106 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 2 Mar 2015 19:16:06 +0100 (CET)
VBR-Info: md=sunet.se; mc=all; mv=swamid.se
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sunet.se; s=default; t=1425320167; bh=ca33HN2CEL65HPm6LHjizNgvGhlJ9t929F5Sbv4jySc=; h=Date:From:To:Subject; b=UHm+zc9MzcQF47Ra3CNUM+2qFjvUo//3jusM1KOsIiI8ZYYitlEXY9qSrxCPyeYsJ rllNF6HzAN7z//qQzAUmdAAzbHRp3fCikTapqTPRx5JPdlv8lK2LDRJvHGSDnn2OCu 8bYVe7YY8Xcy7Vu5OZE1AJooMZs9qEgGO1PWGkjI=
X-Footer: c3VuZXQuc2U=
Received: from [] ([]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 8.3.4 patch 1) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256 bits)); Mon, 2 Mar 2015 19:16:04 +0100
Message-ID: <54F4A8E3.1010802@sunet.se>
Date: Mon, 02 Mar 2015 19:16:03 +0100
From: Leif Johansson <leifj@sunet.se>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: draft-ietf-stox-groupchat.all@tools.ietf.org, "secdir@ietf.org" <secdir@ietf.org>, IESG <iesg@ietf.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, outbound-sunet-se:default, sunet-se:default, base:default, @@RPTN)
X-CanIt-Geo: ip=; country=SE; latitude=59.3294; longitude=18.0686; http://maps.google.com/maps?q=59.3294,18.0686&z=6
X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default)
X-Canit-Stats-ID: 09NWGg8X6 - 45eda613d5ab - 20150302
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
Received-SPF: neutral (e-mailfilter01.sunet.se: is neither permitted nor denied by domain leifj@sunet.se) receiver=e-mailfilter01.sunet.se; client-ip=; envelope-from=<leifj@sunet.se>; helo=smtp1.sunet.se; identity=mailfrom
X-Scanned-By: CanIt (www . roaringpenguin . com) on
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/vFqptD8rHSJzWTlBp3TOeMXKQa0>
Subject: [secdir] secdir review of draft-ietf-stox-groupchat-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Mar 2015 18:16:16 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft is imo as ready as it is likely to be from a security
perspective. The security considerations section does contain an
I-D reference (draft-ietf-simple-chat) which needs to be resolved
before publication though.