[Gen-art] GEN-ART LC review of draft-farrell-perpass-attack-03

Scott Brim <scott.brim@gmail.com> Sat, 28 December 2013 22:01 UTC

To: gen-art <gen-art@ietf.org>, draft-farrell-perpass-attack.all@tools.ietf.org

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at

<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-farrell-perpass-attack-03
Reviewer: Scott Brim
Review Date: 2013-12-28
IETF LC End Date: 2013-12-31
IESG Telechat date: 2014-01-23

Summary: Ready for BCP, with one minor issue and some nits

Major issues:

Minor issues:

  We've spent a lot of time on this draft and it looks good. I have one
  remaining minor issue:

  > Participants at that meeting
  > therefore expressed strong agreement that this was an attack that

  This is inconsistent with later text that says some monitoring is not an
  attack. To avoid inconsistency, I suggest adding a few words, e.g.:
  "this can only be treated as an attack", or "this should be treated as
  an attack" instead of just "this was an attack".

Nits/editorial comments:

  > protocol meta-data such as headers

  I've never seen metadata hyphenated before. Please fix.

  > The same techniques can be used
  > regardless of motivation and we cannot defend against the most
  > nefarious actors while allowing monitoring by other actors no matter
  > how benevolent some might consider them to be

  In order to make the justification clear, I suggest

    (1) change "can be used" to "are used" -- they already are, and
    that's significant.

    (2) In the middle, add another justifying clause: "motivation, and
    since we cannot distinguish motive, we cannot defend" ...

  > Protocols that mitigate
  > pervasive monitoring will not prevent the attack

  Add "necessarily": ... not necessarily prevent ...

  > It is nonetheless timely to revisit the security of our standards.

  s/nonetheless/thus/ since you gave the justifications above.
  "Nonetheless" doesn't make sense here.

  > monitoring in the case of Certificate Transparency.  [RFC6962] There

  Reference is in the wrong place.

Thanks for all the work ... Scott