Re: [tcpinc] Kathleen Moriarty's Yes on draft-ietf-tcpinc-tcpeno-13: (with COMMENT)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Mon, 13 November 2017 00:43 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Sun, 12 Nov 2017 19:43:06 -0500
To: David Mazieres expires 2018-02-10 PST <mazieres-xcsyy3bmjfcxe3pyckr3cwawza@temporary-address.scs.stanford.edu>
Cc: The IESG <iesg@ietf.org>, tcpinc@ietf.org, "Black, David" <david.black@dell.com>, tcpinc-chairs@ietf.org, draft-ietf-tcpinc-tcpeno@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/nvj0gUc1pNwnNTu2peSUQz4aLf4>
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>

Hi David,

On Sun, Nov 12, 2017 at 7:17 PM, David Mazieres
<dm-list-tcpcrypt@scs.stanford.edu> wrote:
> Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> writes:
>
>> Thanks for your work on this draft and experiment.  I just have one
>> comment that I don't think has been mentioned already. In section 4,
>> could you include a reference to Opportunistic security, RFC7435?  The
>> definition has changed slightly over time and it would be good to link
>> this to the current definition that is intended.  The work on 7435 was
>> painstaking and the definition varies a bit in older specs.  I do
>> realize you describe this more in the security considerations section,
>> but it is much later in the document, so this seemed like an easy fix.
>
> Would you be okay if we cited RFC7435 in the security considerations
> section (10), rather than section 4?
>
> My issue is that the term "opportunistic security" entails some
> subjective judgment (like the fact that it is a form of security) that
> requires some context I don't really want to get into at the beginning
> of Section 4.  Section 4 is trying to be an objective specification of
> what the protocol does with just the minimal rationale necessary for it
> to make sense.  The security considerations section already gets into
> detail about security, which is why RFC7435 would seem to fit well
> there.

I only suggested section 4 as that's where you first mention OS.  I
think it's important as one reads the draft to understand how you want
that read on first introduction.  The Security Considerations section
is really far down in the draft.  Do you want to add a pointer to the
security considerations from section 4 and in the security
considerations also point to RFC7435?

That would also work for me if the pointer to RFC7435 isn't in section 4.

Thanks,
Kathleen

>
> Thanks,
> David



-- 

Best regards,
Kathleen