[secdir] Secdir Review of draft-ietf-tram-stun-path-data-03

Watson Ladd <watsonbladd@gmail.com> Thu, 11 February 2016 15:57 UTC

To: iseg@ietf.org, secdir@ietf.org, draft-ietf-tram-stun-path-data-03.all@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/wTgsf8SdOYyPlNaboP5ExdODFNQ>

Dear all,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes an extension to STUN for determining the
characteristics of connections, useful in situations where hosts have
multiple interfaces. It does this by enabling clients to send multiple
requests and receive counts of how many responses were transmitted.

This document was Ready with Nits. Some values need to be assigned by
IANA. It reuses existing security mechanisms from STUN, which do in
fact protect the integrity of messages properly. I am worried about
interoperability questions, but these come from those earlier RFCs,
and so are outside the scope of this review.

Sincerely,
Watson