Re: [secdir] SECDIR Re-Review of draft-ietf-hip-dex
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Mon, 06 July 2020 06:35 UTC
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Donald Eastlake <d3e3e3@gmail.com>, "iesg@ietf.org" <iesg@ietf.org>, secdir <secdir@ietf.org>, "draft-ietf-hip-dex.all@ietf.org" <draft-ietf-hip-dex.all@ietf.org>, "secdir-secretary@mit.org" <secdir-secretary@mit.org>
Date: Mon, 06 Jul 2020 06:35:38 +0000
Message-ID: <A7FA64DD-FA7C-453A-B7F7-2BDBA8AD0897@cisco.com>
References: <CAF4+nEGugeTKFvuNRFDQTvYKBG8EexAYwxVaiHMfK1rOEkwsag@mail.gmail.com>
In-Reply-To: <CAF4+nEGugeTKFvuNRFDQTvYKBG8EexAYwxVaiHMfK1rOEkwsag@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/xsa2qyiFpoOcOrG9mvQDGR0wk24>
Thank you Don for reviewing the latest revision against your previous review.

Regards

-éric

From: iesg <iesg-bounces@ietf.org> on behalf of Donald Eastlake <d3e3e3@gmail.com>
Date: Monday, 6 July 2020 at 04:31
To: "iesg@ietf.org" <iesg@ietf.org>, secdir <secdir@ietf.org>, "draft-ietf-hip-dex.all@ietf.org" <draft-ietf-hip-dex.all@ietf.org>, "secdir-secretary@mit.org" <secdir-secretary@mit.org>
Subject: SECDIR Re-Review of draft-ietf-hip-dex

Hi,

I have checked the current -20 version of this draft against my previous review below. All my comments are resolved except that I think the plural of SHOULD is SHOULDs, not SHOULDS, and there are still occurrences of SHOULDS in Appendix B of the draft.

Thanks,
Donald
===============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
2386 Panoramic Circle, Apopka, FL 32703 USA
d3e3e3@gmail.com

---------- Forwarded message ---------
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Mon, Jan 20, 2020 at 11:18 PM
Subject: SECDIR Review of draft-ietf-hip-dex-11
To: <draft-ietf-hip-dex.all@ietf.org>
Cc: iesg@ietf.org <iesg@ietf.org>, secdir <secdir@ietf.org>

I have reviewed this document as (a very late) part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. The summary of the review is Ready with Nits.

Sorry to get this review in so late but, while approved by the IESG, the draft is still in revised draft needed state so this may do some good.

On the security front, although the draft is pretty complex and I am not that familiar with HIP, I did not see any significant security issues that were not already called out in the draft. So I concentrated on possible editorial issues.

Editorial:

Section 1.1, 3rd paragraph, page 5. Delete "However," at the beginning of the 2nd sentence. It doesn't make sense.

Section 2.3, Definitions should be in alphabetic order.

Section 2.3: It seems to me that people who are puzzled about what something means are most likely to be puzzled by the acronym. So I would put the acronym first, where there is an acronym or acronym-like term to use, then the expansion in parentheses or in the body of the definition. This is done for a couple of entries like CMAC and CKDF but most are the other way.

Section 3 last paragraph and Section 12.10 5th bullet: "to use" -> "use of"

I think OGA and KEYMAT should be in the Definitions list and KEYMAT, which I assume is just short for "keying material", should be expanded on first use in Section 6.3. Alternatively, you could just replace all occurrences of KEYMAT with "Keying Material".

Section 5.3.2, page 23. The first sentence of the first paragraph starting on that page has problems. Maybe "chose" should be "choses" but I'm not sure: "The DH_GROUP_LIST parameter contains the Responder's order of preference based on which the Responder chose the ECDH key contained in the HOST_ID parameter (see below)."

Appendix A, first sentence, "allows to identify" -> "allows identifying"

Appendix B, "IEDG" -> "IESG"

Appendix B, around the middle of page 51, right after the line beginning with "Section 6," there are three lines with a blank line before and after. I found this confusing at first. I suggest those three lines also be indented.

Appendix B, page 52, "SHOULDS" -> "SHOULDs"

Thanks,
Donald
===============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
2386 Panoramic Circle, Apopka, FL 32703 USA
d3e3e3@gmail.com