Re: [tcpinc] Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpeno-13: (with DISCUSS and COMMENT)

Tero Kivinen <kivinen@iki.fi> Tue, 14 November 2017 04:04 UTC

Return-Path: <kivinen@iki.fi>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 812B5127876; Mon, 13 Nov 2017 20:04:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level:
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3hJj7TiT0YXi; Mon, 13 Nov 2017 20:04:19 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [212.16.101.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31FE612704A; Mon, 13 Nov 2017 20:04:19 -0800 (PST)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id vAE43XfS024702 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 14 Nov 2017 06:03:33 +0200 (EET)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id vAE43Wpv012535; Tue, 14 Nov 2017 06:03:32 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <23050.27412.808582.529851@fireball.acr.fi>
Date: Tue, 14 Nov 2017 06:03:32 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: "Black\, David" <David.Black@dell.com>
Cc: Eric Rescorla <ekr@rtfm.com>, Kyle Rose <krose@krose.org>, "tcpinc-chairs\@ietf.org" <tcpinc-chairs@ietf.org>, "tcpinc\@ietf.org" <tcpinc@ietf.org>, "Mirja Kuehlewind \(IETF\)" <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>, David Mazieres <dm-list-tcpcrypt@scs.stanford.edu>, "draft-ietf-tcpinc-tcpeno\@ietf.org" <draft-ietf-tcpinc-tcpeno@ietf.org>
In-Reply-To: <CE03DB3D7B45C245BCA0D243277949362FD4FF5E@MX307CL04.corp.emc.com>
References: <151036581280.449.10740505473540594433.idtracker@ietfa.amsl.com> <CE03DB3D7B45C245BCA0D243277949362FD495EF@MX307CL04.corp.emc.com> <CABcZeBPfk6Pi=_UPvTBaS9jQBYjExUdqkdX5Q--iUuyCv_qZtw@mail.gmail.com> <CAJU8_nWpVhm4oTT+SLyG-nk=ww7nBU-DaVe86rUU-LGGqJvHvQ@mail.gmail.com> <CABcZeBO0TD0KnpTfe6CbHUoiS=FmGiGW6r_mFMH_9bYFWKqKLA@mail.gmail.com> <CABcZeBNp=1c1cx0+nJezjWy_Q4N9-PUeQuqOU_k7A7KhRj18EQ@mail.gmail.com> <CE03DB3D7B45C245BCA0D243277949362FD4BB57@MX307CL04.corp.emc.com> <CABcZeBPL2mVFtsL77Bdr=BUf7cb+qe_+Wxq42AtoohHmSmJaCg@mail.gmail.com> <CE03DB3D7B45C245BCA0D243277949362FD4BDAB@MX307CL04.corp.emc.com> <877euu7hy0.fsf@ta.scs.stanford.edu> <CE03DB3D7B45C245BCA0D243277949362FD4D450@MX307CL04.corp.emc.com> <87vaieow9k.fsf@ta.scs.stanford.edu> <CABcZeBPxOaK3DN5u0ohizt8rAQ+tShMuOcdpJBJ-2fmMJuQWgA@mail.gmail.com> <CE03DB3D7B45C245BCA0D243277949362FD4FC09@MX307CL04.corp.emc.com> <23050.26156.887026.454347@fireball.acr.fi> <CE03DB3D7B45C245BCA0D243277949362FD4FF5E@MX307CL04.corp.emc.com>
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 3 min
X-Total-Time: 8 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/sUMMeeVHfslfEaB89ER0C7_7QMw>
Subject: Re: [tcpinc] Eric Rescorla's Discuss on draft-ietf-tcpinc-tcpeno-13: (with DISCUSS and COMMENT)
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 04:04:20 -0000

Black, David writes:
> > We (talking as secdir secretary) do not do security reviews on the
> > independent submission documents. Area review teams only review IETF
> > stream documents and ignore other streams (Independent, IAB, IRTF
> > etc).
> 
> Hmm - the process that I'd expect is that a SEC AD notices something
> odd, suspicious or peculiar in an independent submission TEP spec
> during conflict review and asks an expert on the secdir to take a
> closer look.   Given the threat of a weak TEP hash to all other
> TEPs, I would think/hope that independent submission publication of
> a TEP with a weak hash could be blocked then and there. 

Sec AD will most likely post to the saag list [1] and ask if there is
reason to block some specific ISE document. This does not mean there
is security review done on that document.

[1] https://mailarchive.ietf.org/arch/msg/saag/E8icM-Ak-wJnnqtG4t6I8bujxiI
-- 
kivinen@iki.fi