[Gen-art] GEN-ART telechat review of draft-farrell-perpass-attack-05
Scott Brim <scott.brim@gmail.com> Fri, 31 January 2014 16:56 UTC
Return-Path: <scott.brim@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 018E01A1F48; Fri, 31 Jan 2014 08:56:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SavwqCutpbsG; Fri, 31 Jan 2014 08:56:22 -0800 (PST)
Received: from mail-oa0-x22e.google.com (mail-oa0-x22e.google.com [IPv6:2607:f8b0:4003:c02::22e]) by ietfa.amsl.com (Postfix) with ESMTP id E973C1A0522; Fri, 31 Jan 2014 08:56:21 -0800 (PST)
Received: by mail-oa0-f46.google.com with SMTP id n16so5414742oag.5 for <multiple recipients>; Fri, 31 Jan 2014 08:56:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=uZcH2uyBv5uVi0PGuq3jz/NpzpjG7R4y7boTuRbudNE=; b=ALGuhcIAojg3hQv4mBS+Q8W2OfvVe5pG+aiaZbKCJrEQb/x2W+2nc4C7lOi/4xrWX9 ftI9LC86G3raG7Z0Uq7SgBiLwrUl//YUYboV9yPTqS1nx4H8//L3zLpDNezFh893PT+y CSj26v3bai897OiWewJKj03Q10jsH57iRyuVIbKyI0hQAppks/cO4CElMdLrRfjy4Q1D T0394wK0jBFb0rdu28n4QMVI/G4YGg6CL5vOvwjUvwswpBZ+xdosF6Up0FCehfonwAdj bo4LXKrc1LpRB4hIdIAcXzIGCIJRynTi3ZhrkKoz8J6tkNBcUEI0rbb3ebTdrhGZpTug u3PA==
X-Received: by 10.182.142.229 with SMTP id rz5mr17533036obb.12.1391187378207; Fri, 31 Jan 2014 08:56:18 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.48.9 with HTTP; Fri, 31 Jan 2014 08:55:58 -0800 (PST)
From: Scott Brim <scott.brim@gmail.com>
Date: Fri, 31 Jan 2014 11:55:58 -0500
Message-ID: <CAPv4CP_2_pF_Rp8Ee37p7vTAgxkJrAV-wZQfiN_pJ=umxXXgAg@mail.gmail.com>
To: gen-art <gen-art@ietf.org>, draft-farrell-perpass-attack.all@tools.ietf.org, IETF discussion list <ietf@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: [Gen-art] GEN-ART telechat review of draft-farrell-perpass-attack-05
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jan 2014 16:56:24 -0000
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at < http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-farrell-perpass-attack-05 Reviewer: Scott Brim Review Date: 2014-02-01 IETF LC End Date: 2013-12-31 IESG Telechat date: 2014-02-06 Summary: This draft is ready for publication as a BCP. Major issues: Minor issues: Nits/editorial comments: Two comments: First, there are good arguments for publication as Informational , but since it incrementally adds to BCP 72, it should be incorporated there, so BCP is slightly better. Second, the only significant difference from -04 was the removal of "and be prepared to justify their decisions". There was a lot of discussion that led to this, and some concern that the statement on architectural considerations is not strongly enough worded without it. However, see the previous paragraph (both paragraphs are below). I believe that these two paragraphs, taken together, do what is desired. Those developing IETF specifications need to be able to describe how they have considered PM, and, if the attack is relevant to the work to be published, be able to justify related design decisions. This does not mean a new "pervasive monitoring considerations" section is needed in IETF documentation. It means that, if asked, there needs to be a good answer to the question "is pervasive monitoring relevant to this work and if so how has it been considered?" In particular, architectural decisions, including which existing technology is re-used, may significantly impact the vulnerability of a protocol to PM. Those developing IETF specifications therefore need to consider mitigating PM when making these architectural decisions. Getting adequate, early review of architectural decisions including whether appropriate mitigation of PM can be made is important. Revisiting these architectural decisions late in the process is very costly. Scott
- [Gen-art] GEN-ART telechat review of draft-farrel… Scott Brim
- Re: [Gen-art] GEN-ART telechat review of draft-fa… Dave Crocker
- Re: [Gen-art] GEN-ART telechat review of draft-fa… Sam Hartman
- Re: [Gen-art] GEN-ART telechat review of draft-fa… Abdussalam Baryun