Re: [sidr] Kathleen Moriarty's No Objection on draft-ietf-sidr-publication-10: (with COMMENT)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 31 January 2017 02:00 UTC

In-Reply-To: <20170131010157.E32F74665502@minas-ithil.hactrn.net>
References: <148476342049.2020.11557954514441735216.idtracker@ietfa.amsl.com> <20170131010157.E32F74665502@minas-ithil.hactrn.net>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 30 Jan 2017 21:00:39 -0500
Message-ID: <CAHbuEH6eJs9FOASg8_wZoy5_HzBp-j=xbEKun6=UgdOVoxiaNA@mail.gmail.com>
To: Rob Austein <sra@hactrn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/-H1Th0NRiOuw3ohWo0HTLoV3ZX4>
Cc: Chris Morrow <morrowc@ops-netman.net>, sidr chairs <sidr-chairs@ietf.org>, The IESG <iesg@ietf.org>, sidr@ietf.org, draft-ietf-sidr-publication@ietf.org
Subject: Re: [sidr] Kathleen Moriarty's No Objection on draft-ietf-sidr-publication-10: (with COMMENT)

Hi Rob,

On Mon, Jan 30, 2017 at 8:01 PM, Rob Austein <sra@hactrn.net> wrote:
> At Wed, 18 Jan 2017 10:17:00 -0800, Kathleen Moriarty wrote:
> ...
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> As for Alissa's comment on transport, more language added to the Security
>> Considerations section would be helpful to explain why the CMS signature
>> is sufficient.  I am assuming that the only exposure would be to public
>> information during transport that is protected from tampering, unless I
>> missed something in reading the draft (I don't think you are transferring
>> private keys and didn't see that in the text).
>
> Correct, no private keys in flight here.  Everything being transferred
> is a signed object intended for public consumption.

OK, my response here was tied to my text following that considered CA
policies.  Having run CAs and reviewed many policies, most are strict
enough that I would think the session encryption would be mandated by
policy assurance level.  This would mean something like only those
operating under a rudimentary assurance level might not have session
encryption... but knowing where that line is drawn would be helpful.
I believe Stephen put a discuss on this and I agree with that since I
was making assumptions on the policy assurance requirements.  If the
assurance requirements cover the need for session encryption, that
should be stated or a stronger requirement in this draft per Stephen's
discuss.

Thank you,
Kathleen

>
> Will try to come up with something for security considerations (I
> would say "suggestions welcome" but I think you just did...).




-- 

Best regards,
Kathleen