Re: [tcpinc] Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpeno-13: (with DISCUSS and COMMENT)

Tero Kivinen <kivinen@iki.fi> Tue, 14 November 2017 03:43 UTC

Return-Path: <kivinen@iki.fi>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A775126C2F; Mon, 13 Nov 2017 19:43:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level:
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Ti5w7Y4qvDm; Mon, 13 Nov 2017 19:43:30 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [212.16.101.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AD0C1242EA; Mon, 13 Nov 2017 19:43:29 -0800 (PST)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id vAE3gbtq003696 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 14 Nov 2017 05:42:37 +0200 (EET)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id vAE3ga0C023018; Tue, 14 Nov 2017 05:42:36 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID: <23050.26156.887026.454347@fireball.acr.fi>
Date: Tue, 14 Nov 2017 05:42:36 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: "Black, David" <David.Black@dell.com>
Cc: Eric Rescorla <ekr@rtfm.com>, David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>, "tcpinc@ietf.org" <tcpinc@ietf.org>, Kyle Rose <krose@krose.org>, "tcpinc-chairs@ietf.org" <tcpinc-chairs@ietf.org>, "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>, "draft-ietf-tcpinc-tcpeno@ietf.org" <draft-ietf-tcpinc-tcpeno@ietf.org>
In-Reply-To: <CE03DB3D7B45C245BCA0D243277949362FD4FC09@MX307CL04.corp.emc.com>
References: <151036581280.449.10740505473540594433.idtracker@ietfa.amsl.com> <CE03DB3D7B45C245BCA0D243277949362FD495EF@MX307CL04.corp.emc.com> <CABcZeBPfk6Pi=_UPvTBaS9jQBYjExUdqkdX5Q--iUuyCv_qZtw@mail.gmail.com> <CAJU8_nWpVhm4oTT+SLyG-nk=ww7nBU-DaVe86rUU-LGGqJvHvQ@mail.gmail.com> <CABcZeBO0TD0KnpTfe6CbHUoiS=FmGiGW6r_mFMH_9bYFWKqKLA@mail.gmail.com> <CABcZeBNp=1c1cx0+nJezjWy_Q4N9-PUeQuqOU_k7A7KhRj18EQ@mail.gmail.com> <CE03DB3D7B45C245BCA0D243277949362FD4BB57@MX307CL04.corp.emc.com> <CABcZeBPL2mVFtsL77Bdr=BUf7cb+qe_+Wxq42AtoohHmSmJaCg@mail.gmail.com> <CE03DB3D7B45C245BCA0D243277949362FD4BDAB@MX307CL04.corp.emc.com> <877euu7hy0.fsf@ta.scs.stanford.edu> <CE03DB3D7B45C245BCA0D243277949362FD4D450@MX307CL04.corp.emc.com> <87vaieow9k.fsf@ta.scs.stanford.edu> <CABcZeBPxOaK3DN5u0ohizt8rAQ+tShMuOcdpJBJ-2fmMJuQWgA@mail.gmail.com> <CE03DB3D7B45C245BCA0D243277949362FD4FC09@MX307CL04.corp.emc.com>
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 14 min
X-Total-Time: 20 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/oUv32Nqq4MRsnUOq3aj0FQWDm08>
Subject: Re: [tcpinc] Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpeno-13: (with DISCUSS and COMMENT)
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 03:43:32 -0000

Black, David writes:
> I like Amanda’s suggestion of: “Expert Review with RFC Required”
> That should result in two security reviews of a new TEP, both of
> which could halt a weak one. Looking at the Independent Submission
> track as the “path of least resistance” that would be the IETF
> Security Area (ADs and Directorate) as part of RFC publication plus
> an IANA expert review as part of codepoint assignment. Thank you,
> Amanda.

We (talking as secdir secretary) do not do security reviews on the
independent submission documents. Area review teams only review IETF
stream documents and ignore other streams (Independent, IAB, IRTF
etc). 

Expert can of course do whatever checks he wants, and the IANA section
can set some instructions for expert, for example ask him to verify in
the specific mailing list before doing assignments etc.

I as an IANA expert for the IKEv2 related registries (it is just
expert review, no specification or RFC required) usually do require
stable reference before I say assignment is ok. I also quite often
send email to the ipsec@ietf.org list before doing assignments, if I
think there is something that might be important to people there.

Anyways everything this boils down getting expert for the IANA
registry that we (as an IETF) can trust do good job of blocking bad
ideas... 
-- 
kivinen@iki.fi