Re: [Taps] I-D Action: draft-ietf-taps-transport-security-03.txt
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 01 November 2018 21:35 UTC
References: <154022748014.6890.5464777930050299508@ietfa.amsl.com> <6fb7824e-b24e-1b88-f8eb-3e8005906e1b@inet.tu-berlin.de> <A6F37FDD-77F6-497B-B35F-652CF0A29C48@akamai.com> <CAO8oSXnQ4caha7R6buzb3J67WEzjKd7qiBKY+9qCwNymdoeoRw@mail.gmail.com>
In-Reply-To: <CAO8oSXnQ4caha7R6buzb3J67WEzjKd7qiBKY+9qCwNymdoeoRw@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Thu, 01 Nov 2018 16:34:53 -0500
Message-ID: <CAKKJt-dL2x4U43YcFn1PALR5txNwQRE4mhyZqE0__UDs6TdgxQ@mail.gmail.com>
To: Christopher Wood <christopherwood07@gmail.com>
Cc: "Falk, Aaron" <aafalk@akamai.com>, taps WG <taps@ietf.org>, Theresa Enghardt <theresa@inet.tu-berlin.de>, draft-ietf-taps-transport-security@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/taps/ll60J8Qj0fNZYvbdkaPJZQF0-5Y>
List-Id: "IETF Transport Services \(TAPS\) Working Group" <taps.ietf.org>
Hi, Christopher,

On Sat, Oct 27, 2018 at 12:08 AM Christopher Wood <christopherwood07@gmail.com> wrote:

> Hi Aaron,
>
> On Fri, Oct 26, 2018 at 10:46 AM Aaron Falk <aafalk@akamai.com> wrote:
>
>> Dear Authors,
>>
>> We agreed at the last IETF that the authors would send a note when this
>> draft was ready for SecDir review. Is it ready? Do you want to talk about
>> Theresa's comments in Bangkok first?
>>
>
> It is not yet ready. We will send it to SecDir when that changes. I don't
> think Theresa's comments are blockers here. (I'll spin a new version with
> her comments for submission when the tracker reopens.)
>

Given that TAPS meets fairly late on Wednesday, if you think there will be
discussion that a SECDIR reviewer might benefit from, it is likely possible
to let the secdir secretaries at https://datatracker.ietf.org/group/secdir/about/
know that a request for early review will be coming, so that a reviewer
could be identified early enough to be present.

If that won't be a helpful discussion for a reviewer to listen to, of
course, no need.

Do the right thing :-)

Spencer

> Best,
> Chris
>
>> --aaron
>>
>> On 26 Oct 2018, at 5:15, Theresa Enghardt wrote:
>>
>> Dear TAPS,
>>
>> having shepherded the minset draft, and, in the process, having seen a
>> lot of discussion around security, where we mostly pointed to the
>> security survey draft, I gave this draft another read in the current
>> version, with a focus on Section 5.
>>
>> Thanks for the update, this document was a good read.
>>
>> However, I have some comments, which I'm sharing now rather than later,
>> just in case there's anything which is better discussed in-person in
>> Bangkok.
>>
>>
>> Right now, the abstract states that this document is a survey of
>> security protocols. I suggest adding text saying that the document also
>> provides a minimal set of security features. Essentially, this document
>> and minset together cover the "minimum requirements of a secure
>> transport system".
>>
>>
>> In Section 5, the document groups security features into mandatory and
>> optional features, and states their transport dependency and application
>> dependency. Application dependency, for me, relates to whether a feature
>> is "functional", "optimizing", or "automatable" (in minset terminology).
>> For example, if there is no application dependency, the feature is
>> "automatable" and does not have to be exposed to the application. In
>> contrast, a "functional" feature needs to be exposed to the application.
>>
>> In Section 5.1, I am missing transport dependency and application
>> dependency for the mandatory transport features. For example, I would be
>> interested to know what is the minimum that the transport system needs
>> to expose to the application for public-key based authentication?
>>
>> In Section 5.1, what is "unilateral responder authentication", which I
>> haven't found in other places in the document under this name?
>>
>> In Section 5.2, "Session caching and management" has no application
>> dependency. However, later in Section 6.1, we do expose Session Cache
>> Management to the application. My interpretation is that this is just an
>> "optimizing" feature, which is why there is no application dependency,
>> but it is still useful to expose. It might help to make this explicit in
>> the text.
>>
>> In Section 5, do we want to mention any security features related to
>> integrity protection?
>>
>>
>> As far as I can see, none of the protocols we survey provide any
>> features explicitly providing privacy. Maybe this is worth highlighting
>> in the Security Considerations section, beyond saying that no claims of
>> privacy properties are made.
>>
>>
>> Finally, I would be in favor of asking for a Secdir early review to make
>> sure we're not missing anything in the survey.
>>
>>
>> Thank you again for this draft. I really appreciate that we're
>> discussing transport security features in this way.
>>
>>
>> Best,
>> Theresa
>>
>> _______________________________________________
>> Taps mailing list
>> Taps@ietf.org
>> https://www.ietf.org/mailman/listinfo/taps
>>
> _______________________________________________
> Taps mailing list
> Taps@ietf.org
> https://www.ietf.org/mailman/listinfo/taps
>