[secdir] secdir review of draft-ietf-decade-problem-statement-05
Leif Johansson <leifj@sunet.se> Sun, 11 March 2012 20:39 UTC
Return-Path: <leifj@sunet.se>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94D2A21F85A3; Sun, 11 Mar 2012 13:39:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TJ0gN5KzgVVV; Sun, 11 Mar 2012 13:39:23 -0700 (PDT)
Received: from backup-server.nordu.net (backup-server.nordu.net [IPv6:2001:948:4:1::66]) by ietfa.amsl.com (Postfix) with ESMTP id 30BE521F85A5; Sun, 11 Mar 2012 13:39:23 -0700 (PDT)
Received: from [10.0.1.91] (70-91-87-57-BusName-metrodr.md.hfc.comcastbusiness.net [70.91.87.57]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id q2BKdGkc001958 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 11 Mar 2012 21:39:20 +0100 (CET)
Message-ID: <4F5D0D74.5030209@sunet.se>
Date: Sun, 11 Mar 2012 21:39:16 +0100
From: Leif Johansson <leifj@sunet.se>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: draft-ietf-decade-problem-statement.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
X-Enigmail-Version: 1.3.5
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [secdir] secdir review of draft-ietf-decade-problem-statement-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Mar 2012 20:39:24 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. My main problem with the draft is that the Security Considerations Section is weak. I would have liked a more in-depth analysis of the enumerated threats in the context of decade. For instance the privacy aspects of using in-network storage for P2P networks is only covered briefly as part of a discussion on traffic analysis. Also in section 3.2 it is noted that E2E encryption may render P2P caches ineffective. This speaks to a fundamental flaw (imo) in the architecture: the standard way to protect against many of the stated attacks also leads to inefficiency of decade. At the very least the document needs to call this issue out clearly. Cheers Leif -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9dDXQACgkQ8Jx8FtbMZndzfQCdGlV5Vun5Khv9doeYdcjebALX ++EAn0VVTjtEMsDlFFM86NlWC+pRlr7X =Ob4+ -----END PGP SIGNATURE-----
- [secdir] secdir review of draft-ietf-decade-probl… Leif Johansson
- Re: [secdir] secdir review of draft-ietf-decade-p… Songhaibin
- Re: [secdir] secdir review of draft-ietf-decade-p… Leif Johansson
- Re: [secdir] secdir review of draft-ietf-decade-p… Songhaibin
- Re: [secdir] secdir review of draft-ietf-decade-p… Leif Johansson
- Re: [secdir] secdir review of draft-ietf-decade-p… David Harrington