Re: [sidr] Review of draft-ietf-sidr-adverse-actions-03

Steve KENT <steve.kent@raytheon.com> Mon, 09 January 2017 17:39 UTC

Return-Path: <prvs=0182586c3a=steve.kent@raytheon.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD7E4129443; Mon, 9 Jan 2017 09:39:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.099
X-Spam-Level:
X-Spam-Status: No, score=-5.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F_mBO7N9gpFQ; Mon, 9 Jan 2017 09:39:13 -0800 (PST)
Received: from dfw-mailout20.raytheon.com (dfw-mailout20.raytheon.com [199.46.199.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6F12129499; Mon, 9 Jan 2017 09:39:12 -0800 (PST)
Received: from ca-mailout10.rtnmail.ray.com (ca-mailout10.rtnmail.ray.com [147.25.146.12]) by dfw-mailout20.ext.ray.com (8.15.0.59/8.15.0.59) with ESMTPS id v09Hd6VE001004 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 9 Jan 2017 17:39:07 GMT
Received: from 008-smtp-out.ray.com ([23.103.8.215]) by ca-mailout10.rtnmail.ray.com (8.15.0.59/8.15.0.59) with ESMTPS id v09Hd5dP008756 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT); Mon, 9 Jan 2017 17:39:05 GMT
Received: from CY1PR0601MB023.008f.mgd2.msft.net (23.103.8.215) by CY1PR0601MB023.008f.mgd2.msft.net (23.103.8.215) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.789.16; Mon, 9 Jan 2017 17:39:04 +0000
Received: from CY1PR0601MB023.008f.mgd2.msft.net ([23.103.8.215]) by CY1PR0601MB023.008f.mgd2.msft.net ([23.103.8.215]) with mapi id 15.01.0789.014; Mon, 9 Jan 2017 17:39:04 +0000
From: Steve KENT <steve.kent@raytheon.com>
To: Dan Romascanu <dromasca@gmail.com>, "gen-art@ietf.org" <gen-art@ietf.org>
Thread-Topic: Review of draft-ietf-sidr-adverse-actions-03
Thread-Index: AQHSamYTsL7I4vqN5Eu1AlAG3mZhn6EwZ9Qm
Date: Mon, 9 Jan 2017 17:39:04 +0000
Message-ID: <e24e2f8f5378421c8b4fc911efa11a6e@CY1PR0601MB023.008f.mgd2.msft.net>
References: <148395897584.24935.4865204550913882433.idtracker@ietfa.amsl.com>
In-Reply-To: <148395897584.24935.4865204550913882433.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [23.103.8.197]
Content-Type: multipart/alternative; boundary="_000_e24e2f8f5378421c8b4fc911efa11a6eCY1PR0601MB023008fmgd2m_"
MIME-Version: 1.0
X-CC: dromasca@gmail.com, gen-art@ietf.org, sidr@ietf.org, ietf@ietf.org, draft-ietf-sidr-adverse-actions.all@ietf.org
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-01-09_11:, , signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-01-09_11:, , signatures=0
X-Original-Sender: steve.kent@raytheon.com
X-Original-Recipients: draft-ietf-sidr-adverse-actions.all@ietf.org, ietf@ietf.org, sidr@ietf.org, gen-art@ietf.org, dromasca@gmail.com
X-Attachments:
X-DMZ-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1701090248
X-DMZ-Spam-Reason: mlx
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/PQPOB4ujn5Izy1dqiycONCs-FAw>
Cc: "draft-ietf-sidr-adverse-actions.all@ietf.org" <draft-ietf-sidr-adverse-actions.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] Review of draft-ietf-sidr-adverse-actions-03
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jan 2017 17:39:14 -0000

Dan,


Thanks for the review.


Adverse actions include cases where the CA or repository manager is not attacked or did not make an error, as noted in the Introduction:

Note that the CA that allocated the affected INRs may be acting in accordance with established policy, and thus the change may be contractually justified, even though viewed as adverse by the INR holder.
Thus I believe the title is appropriate.


We chose to labels actions with an "A" to distinguish them and to allow numbering of actions to begin at "1". If we label actions by subsection, the labels will become longer, which we felt was awkward.

________________________________
From: Dan Romascanu <dromasca@gmail.com>
Sent: Monday, January 9, 2017 5:49:35 AM
To: gen-art@ietf.org
Cc: sidr@ietf.org; ietf@ietf.org; draft-ietf-sidr-adverse-actions.all@ietf.org
Subject: Review of draft-ietf-sidr-adverse-actions-03

Reviewer: Dan Romascanu
Review result: Ready with Nits

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-sidr-adverse-actions-03
Reviewer: Dan Romascanu
Review Date: 2017-01-09
IETF LC End Date: 2017-01-10
IESG Telechat date: 2017-01-19

Summary:

Major issues:

Minor issues:

Nits/editorial comments:

1. The title is slightly misleading, it can be interpreted that the
document deals with cases where the CA or Resource Manager initiate
the attacks. In reality the document deals with attacks made possible
by the fact that the CA or Resource Managers are themselves under
attack, or some management mistakes were made at the CA or Resource
Manager. I would suggest a change in the title of the document:

s/Adverse Actions by a Certification Authority (CA) or Repository
Manager/Adverse Actions by means of a Certification Authority (CA) or
Repository Manager/

2. It is not clear why the numbering of the actions in the subsections
of section 2 (2.1, 2,2, etc.) are prefixed by A, rather than
continuing the indentation under 2.1, 2.2, etc. In other words - why
A-1.1 and not 2.1.1, A-1.1.1 and not 2.1.1.1, etc.