Re: [tcpinc] Kathleen Moriarty's Yes on draft-ietf-tcpinc-tcpeno-13: (with COMMENT)

David Mazieres <dm-list-tcpcrypt@scs.stanford.edu> Mon, 13 November 2017 00:17 UTC

Return-Path: <dm-list-tcpcrypt@scs.stanford.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB5F0126D85; Sun, 12 Nov 2017 16:17:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yEQL579V0mr1; Sun, 12 Nov 2017 16:17:43 -0800 (PST)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14BAD126CB6; Sun, 12 Nov 2017 16:17:43 -0800 (PST)
Received: from market.scs.stanford.edu (localhost [127.0.0.1]) by market.scs.stanford.edu (8.15.2/8.15.2) with ESMTP id vAD0Hf4I008658; Sun, 12 Nov 2017 16:17:41 -0800 (PST)
Received: (from dm@localhost) by market.scs.stanford.edu (8.15.2/8.15.2/Submit) id vAD0HeTK087626; Sun, 12 Nov 2017 16:17:40 -0800 (PST)
From: David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>
Cc: tcpinc@ietf.org, david.black@dell.com, tcpinc-chairs@ietf.org, draft-ietf-tcpinc-tcpeno@ietf.org
In-Reply-To: <151040587573.16080.12341649562855789524.idtracker@ietfa.amsl.com>
References: <151040587573.16080.12341649562855789524.idtracker@ietfa.amsl.com>
Reply-To: David Mazieres expires 2018-02-10 PST <mazieres-xcsyy3bmjfcxe3pyckr3cwawza@temporary-address.scs.stanford.edu>
Date: Sun, 12 Nov 2017 16:17:40 -0800
Message-ID: <874lpz6nh7.fsf@ta.scs.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/bYtkqAVteFHuJmXSpTn_YniCU-U>
Subject: Re: [tcpinc] Kathleen Moriarty's Yes on draft-ietf-tcpinc-tcpeno-13: (with COMMENT)
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 00:17:44 -0000

Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>; writes:

> Thanks for your work on this draft and experiment.  I just have one
> comment that I don't think has been mentioned already. In section 4,
> could you include reference to Opportunistic security, RFC7435.  The
> definition has changed slightly over time and it would be good to link
> this to the current definition that is intended.  The work on 7435 was
> painstaking and the definition varies a bit in older specs.  I do
> realize you describe this more in the security considerations section,
> but it is much later in the document, so this seemed like an easy fix.

Would you be okay if we cited RFC7435 in the security considerations
section (10), rather than section 4?

My issue is that the term "opportunistic security" entails some
subjective judgment (like the fact that it is a form of security) that
requires some context I don't really want to get into at the beginning
of Section 4.  Section 4 is trying to be an objective specification of
what the protocol does with just the minimal rationale necessary for it
to make sense.  The security considerations section already gets into
detail about security, which is why RFC7435 would seem to fit well
there.

Thanks,
David