[Gen-art] Gen-ART of draft-dukhovni-opportunistic-security-05
Martin Thomson <martin.thomson@gmail.com> Sat, 01 November 2014 05:10 UTC
To: draft-dukhovni-opportunistic-security.all@tools.ietf.org, "gen-art@ietf.org" <gen-art@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/gen-art/eUF3IIo4lWMJiDPWKaQj-atzizM
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments you may receive.

Document: draft-dukhovni-opportunistic-security-05
Reviewer: Martin Thomson
Review Date: 2014-10-31
IETF LC End Date: 2014-11-18
IESG Telechat date: (if known)

Summary: Ship it; it's more important to have this stake in the ground than it is to have it right.

Major issues:

This is the first attempt at definition, which appears at the bottom of page 3:

   "Opportunistic Security" (OS) is defined as the use of cleartext as the baseline communication security policy, with encryption and authentication negotiated and applied to the communication when available.

So I can't start from an unauthenticated, encrypted baseline? And I can't opportunistically add other features (like length hiding)? How about:

   "Opportunistic Security" (OS) is defined as a security policy that adds security features - such as encryption or authentication - based on availability, using negotiation to enable commonly supported features.

(the next paragraph establishes that cleartext is the baseline anyway)

I still find that the paragraph that starts "An OS protocol first determines the capabilities of the peer with [...]" goes nowhere. There's no "then" or "second". It just wanders off. This is a crucial part of the definition. (This also appears too far down in the document; I'm inclined to suggest that this belongs in the newly empty Section 1.)

OLD:

   An OS protocol first determines the capabilities of the peer with which it is attempting to communicate. Peer capabilities may be discovered by out-of-band or in-band means. (Out-of-band mechanisms include the use of DANE records or cached keys or credentials acquired via TOFU. In-band determination implies negotiation between peers.)

   The capability determination phase may indicate that the peer supports authenticated, encrypted communication; unauthenticated, encrypted communication; or only cleartext communication.

NEW:

   An OS protocol enables security features based on the capabilities that can be learned about a communications peer. This might use out-of-band information, or an in-band negotiation. As capabilities are discovered, they are enabled. Failure to enable any given feature is not considered cause to terminate communications, since each feature is enabled independently.

(then you can get into f'rexamples, like the whole auth+enc - unauth+enc - clear continuum; the STARTTLS quagmire; a DANE example to cover opportunistic authentication.)

Minor issues:

I'm not excited about writing this, because Victor has made a genuine effort to engage, and I understand the pressures that are being applied from multiple directions, but here goes....

My original review noted a couple of structural issues:

- the document had too many words
- the definition of OS in S3 was obfuscated

Though some aspects of the draft are greatly improved, and arguably a new definition is provided (see above), I suggest that these have not been addressed. I contributed text and specific editorial suggestions [1] that would have drastically reduced the amount of text, but those were apparently only sparingly sampled.

This is only a personal reaction, but the emphasis on DANE is perhaps a little strong. I suggested less of that last time (i.e., none); but there is now more.

[1] https://github.com/martinthomson/saag/commit/63bf358d1101b06460350a6fc5068fdedb3ff6d3
[2] https://tools.ietf.org/rfcdiff?url2=draft-dukhovni-opportunistic-security-05.txt
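The proposed NEW wording above (features enabled independently, failure to enable one not being cause to terminate, capabilities learned in-band or out-of-band) is easier to judge when written down as a decision procedure. The following is an added illustration, not text or code from the draft or from this review: a toy policy function in which encryption is enabled whenever the peer offers it, authentication is enabled separately from a DANE-style published key or a key cached on first use (TOFU), and the outcome lands on the auth+enc / unauth+enc / cleartext continuum the review mentions. Peer capabilities, the published key and the cache are constructed dictionaries and strings, not real DNS lookups or TLS handshakes. One caveat the toy does not model: in deployed DANE-based SMTP, a published record is usually treated as a mandate to use authenticated TLS rather than as a hint, so a real policy would not always fall back as freely as this one.

```python
"""Toy model of an opportunistic-security (OS) policy decision.

Added illustration only; the draft and the review contain no code.
All peer data, keys and cache contents are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Optional

# The three points on the continuum named in the review.
CLEARTEXT = "cleartext"
UNAUTH_ENC = "unauthenticated-encrypted"
AUTH_ENC = "authenticated-encrypted"


@dataclass
class PeerCaps:
    """What in-band negotiation learned about the peer (constructed)."""
    starttls: bool                 # peer advertised encryption
    presented_key: Optional[str]   # key fingerprint shown in the handshake


@dataclass
class Outcome:
    level: str
    enabled: list = field(default_factory=list)   # features turned on
    notes: list = field(default_factory=list)     # why features were skipped


def decide(peer: PeerCaps, dane_key: Optional[str] = None,
           tofu_cache: Optional[dict] = None, peer_name: str = "") -> Outcome:
    """Enable each security feature independently; never refuse to talk.

    dane_key   - hypothetical out-of-band published key fingerprint
    tofu_cache - hypothetical cache of peer_name -> key seen on first use
    """
    out = Outcome(level=CLEARTEXT)
    tofu_cache = tofu_cache if tofu_cache is not None else {}

    # Feature 1: encryption, enabled whenever the peer offers it.
    if not peer.starttls:
        out.notes.append("peer offers no encryption; continuing in cleartext")
        return out
    out.enabled.append("encryption")
    out.level = UNAUTH_ENC

    # Feature 2: authentication, decided independently of encryption from
    # out-of-band information: a published key first, else a cached key.
    expected = dane_key or tofu_cache.get(peer_name)
    if expected is None:
        out.notes.append("no reference key; cannot authenticate")
        if peer.presented_key is not None:
            # First contact: remember the key so later sessions can be
            # checked against it (trust on first use).
            tofu_cache[peer_name] = peer.presented_key
            out.notes.append("cached key for future TOFU authentication")
        return out

    if peer.presented_key == expected:
        out.enabled.append("authentication")
        out.level = AUTH_ENC
    else:
        # Failure to enable a feature is not a reason to stop talking
        # under the NEW wording, but a mismatch against a known key is
        # exactly the event an operator wants logged and counted.
        out.notes.append("presented key does not match reference key; "
                         "staying unauthenticated")
    return out


if __name__ == "__main__":
    cache = {}
    for caps in (PeerCaps(False, None),      # cleartext only
                 PeerCaps(True, "k1"),       # first contact, key cached
                 PeerCaps(True, "k1"),       # matches cache -> authenticated
                 PeerCaps(True, "k2")):      # mismatch -> flagged, not dropped
        result = decide(caps, tofu_cache=cache, peer_name="mx.example")
        print(result.level, result.enabled, result.notes)
```

The point the code makes is structural: the decision for each feature is a separate block with its own fallback, so removing one feature's prerequisites changes that feature alone. The mismatch branch is also where detection lives; an OS policy that continues unauthenticated should still surface the mismatch rather than silently accept the downgrade.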