Re: [tcpinc] Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpeno-13: (with DISCUSS and COMMENT)

"Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net> Tue, 14 November 2017 05:55 UTC

Cc: Eric Rescorla <ekr@rtfm.com>, Kyle Rose <krose@krose.org>, "tcpinc-chairs@ietf.org" <tcpinc-chairs@ietf.org>, "tcpinc@ietf.org" <tcpinc@ietf.org>, The IESG <iesg@ietf.org>, David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>, "draft-ietf-tcpinc-tcpeno@ietf.org" <draft-ietf-tcpinc-tcpeno@ietf.org>
To: Tero Kivinen <kivinen@iki.fi>, "Black, David" <David.Black@dell.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/4IsfkLP1zL5TFXoC1UwyAnnuUKA>

We should rather put experts in place and not try to push the responsibility onto the Sec AD. The conflict review is only to check if there are conflicts with any IETF work and not to check if the work described is technically mature.

Mirja


> On 14.11.2017, at 12:03, Tero Kivinen <kivinen@iki.fi> wrote:
> 
> Black, David writes:
>>> We (talking as secdir secretary) do not do security reviews on the
>>> independent submission documents. Area review teams only review IETF
>>> stream documents and ignore other streams (Independent, IAB, IRTF
>>> etc).
>> 
>> Hmm - the process that I'd expect is that a SEC AD notices something
>> odd, suspicious or peculiar in an independent submission TEP spec
>> during conflict review and asks an expert on the secdir to take a
>> closer look.   Given the threat of a weak TEP hash to all other
>> TEPs, I would think/hope that independent submission publication of
>> a TEP with a weak hash could be blocked then and there. 
> 
> Sec AD will most likely post to the saag list [1] and ask if there is
> reason to block some specific ISE document. This does not mean there
> is a security review done on that document.
> 
> [1] https://mailarchive.ietf.org/arch/msg/saag/E8icM-Ak-wJnnqtG4t6I8bujxiI
> -- 
> kivinen@iki.fi