[secdir] Secdir review of draft-ietf-eman-requirements-10

Magnus Nyström <magnusn@gmail.com> Mon, 21 January 2013 04:06 UTC

Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 69D9721F87CC; Sun, 20 Jan 2013 20:06:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.3
X-Spam-Status: No, score=0.3 tagged_above=-999 required=5 tests=[HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id RnxKNDThKl1M; Sun, 20 Jan 2013 20:06:04 -0800 (PST)
Received: from mail-we0-x234.google.com (we-in-x0234.1e100.net [IPv6:2a00:1450:400c:c03::234]) by ietfa.amsl.com (Postfix) with ESMTP id 75E3821F87C8; Sun, 20 Jan 2013 20:05:46 -0800 (PST)
Received: by mail-we0-f180.google.com with SMTP id t57so1482850wey.11 for <multiple recipients>; Sun, 20 Jan 2013 20:05:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to :content-type; bh=PLAc6NhnUJwZx+BxxlluvsfUzkobuLah0503yl8xIYo=; b=RcGJwVnTM4/y2aTmfNibwf5Sy76xqedslNxd4si1f57HksFjNY1zNDfDZMDWqHP9MF AANaD7B43bMFOrX0ThFcajAd4nxW4H6IfDmvUP6bcTMndEVdkVke5rfJvTbJ2IVvaMQB yp1v4lZ64VSQMlPDrJTlw81ban+A8NbpRoplQRig4o0pw3NE5B8VpJXW7tyOBQT41sR0 9Kp3WVqE4rmmnnduxjSeQEMFLNs7NCUlCrWzXGyMEvB85XfMjwQnIoskQo/g+kEWocz2 hUE5Vg9ljsMlgjIkYm5Sui6voPXRCpbXD5ws/U5XR2IWFYTabwe8YpNRQfNdhaZrYb2C dxdA==
MIME-Version: 1.0
X-Received: by with SMTP id hc2mr13043462wib.12.1358741145581; Sun, 20 Jan 2013 20:05:45 -0800 (PST)
Received: by with HTTP; Sun, 20 Jan 2013 20:05:45 -0800 (PST)
Date: Sun, 20 Jan 2013 20:05:45 -0800
Message-ID: <CADajj4Z6jQej-Q4jCHZ873wjX5M5-Z+sfCczXhn4aZgb8SkE=w@mail.gmail.com>
From: Magnus Nyström <magnusn@gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-eman-requirements@tools.ietf.org
Content-Type: multipart/alternative; boundary="e89a8f3baa6f52f6a304d3c49326"
Subject: [secdir] Secdir review of draft-ietf-eman-requirements-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2013 04:06:05 -0000

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This standards-track document describes requirements on standards for
managing power entities over networks.
 As stated in the Security Considerations section, controlling power state
and power supply of networked energy entities are highly sensitive actions
and thus authorization, privacy etc. may be required. Similarly, the date
provided by those entities will often require integrity and sometimes
authenticity. The document may gain by also making clear the potential
need for the energy entities to identify, authenticate and authorize the
entities requesting access to power data. I would suggest to add some text
around this - because I assume some requirements on standards will be
present for that.