Re: [Taps] [Last-Call] [Iot-directorate] Iotdir telechat review of draft-ietf-taps-transport-security-11

Tommy Pauly <tpauly@apple.com> Wed, 22 April 2020 17:05 UTC

From: Tommy Pauly <tpauly@apple.com>
Message-id: <11E692BD-0C31-4A96-A247-96C380D7999E@apple.com>
Date: Wed, 22 Apr 2020 10:05:11 -0700
In-reply-to: <5C72A1F6-DAD5-484A-B62E-FD26F83ADE20@cisco.com>
Cc: "iot-directorate@ietf.org" <iot-directorate@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-taps-transport-security.all@ietf.org" <draft-ietf-taps-transport-security.all@ietf.org>, "taps@ietf.org" <taps@ietf.org>
To: "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>, Mohit Sethi <mohit.m.sethi@ericsson.com>
References: <158573789268.30918.7424398883276797270@ietfa.amsl.com> <5C72A1F6-DAD5-484A-B62E-FD26F83ADE20@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/taps/2E6NYoTKoO_H40ycZc_juhdLzUo>

Hi Mohit,

Thanks for the review! You can find an updated version of the document here:

https://ietf-tapswg.github.io/draft-ietf-taps-transport-security/draft-ietf-taps-transport-security.html

Regarding the title, we believe that the current version is correct, since "Transport Services" itself is about the interaction between apps and transport protocols; thus by adding security to the mix, we are still referring to the interface to applications. More importantly, the authors believe that the first sentence of the abstract does indicate this clearly:

"This document provides a survey of commonly used or notable network security protocols, with a focus on how they interact and integrate with applications and transport protocols."

We did incorporate the editorial points you brought up. Thanks for pointing those out!

Thanks,
Tommy

> On Apr 2, 2020, at 5:03 AM, Eric Vyncke (evyncke) <evyncke=40cisco.com@dmarc.ietf.org> wrote:
> 
> Thank you Mohit for the review.
> 
> I will take it into account for my ballot position.
> 
> Regards
> 
> -éric
> 
> -----Original Message-----
> From: Iot-directorate <iot-directorate-bounces@ietf.org> on behalf of Mohit Sethi via Datatracker <noreply@ietf.org>
> Reply-To: Mohit Sethi <mohit.m.sethi@ericsson.com>
> Date: Wednesday, 1 April 2020 at 12:45
> To: "iot-directorate@ietf.org" <iot-directorate@ietf.org>
> Cc: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-taps-transport-security.all@ietf.org" <draft-ietf-taps-transport-security.all@ietf.org>, "taps@ietf.org" <taps@ietf.org>
> Subject: [Iot-directorate] Iotdir telechat review of draft-ietf-taps-transport-security-11
> 
>    Reviewer: Mohit Sethi
>    Review result: Ready with Nits
> 
>    This document provides a summary of common security protocols. It then
>    discusses the interfaces that exist between applications and security protocols
>    as well as security protocols and transport services.
> 
>    Major issues: The document header says that this document is about interfaces
>    between security protocols and transport services. Yet, later on, I find that
>    the document is also discussing the interfaces between security protocols and
>    applications. Perhaps you could add 'applications' to the title -> 'Interaction
>    Between Applications, Security Protocols, and Transport Services'
> 
>    Editorial issues:
>    - Instead of saying 'This protocol obsoletes TCP MD5 "signature" options', can
>      we say 'TCP-AO obsoletes....' to avoid confusion of what is 'this'
>    - Please expand 'and IPsec AH [RFC4302]' -> IP Authentication Header
>    - Are you talking about cryptographic agility here 'security protocols:
>      confidentiality, privacy protections, and agility.' ?
>    - Consider changing 'interface surface exposed ' -> 'interface exposed by'.
>      Otherwise it sounds too similar to attack surface exposed.
>    - Expand EAP and reference RFC3748.
>    - Perhaps you could say that Source Address Validation (SAV) to prevent DoS is
>      relevant for protocols that use unreliable transport?
> 