Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the I nternet Registry Information Service' to Proposed Standard (draft-ietf-cr isp-iris-lwz)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the I nternet Registry Information Service' to Proposed Standard (draft-ietf-cr isp-iris-lwz)

To: Sam Hartman <hartmans-ietf at mit.edu>
Subject: Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the I nternet Registry Information Service' to Proposed Standard (draft-ietf-cr isp-iris-lwz)
From: Andrew Newton <andy at hxr.us>
Date: Thu, 17 Aug 2006 12:11:52 -0400
Cc: iesg at ietf.org, ietf at ietf.org, Mark Townsley <townsley at cisco.com>
In-reply-to: <tslac63bc3s.fsf@cz.mit.edu>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <0BF76B30C100624BA997C9CED19D81254C95B3@uspitsmsgusr08.win.marconi.com> <tslac63bc3s.fsf@cz.mit.edu>
User-agent: Thunderbird 1.5.0.5 (Windows/20060719)

Sam Hartman wrote:

"Gray," == Gray, Eric <Eric.Gray at marconi.com> writes:


    Gray,> Sam, I thought the Security Area Directorate was limited to
    Gray,> determining if the description of security risks is
    Gray,> adequate and that determination of whether security is
    Gray,> adequate - for adequately described security risks - would
    Gray,> be up to the end consumer.

first, this document is in last call.  It's very clear to me that I
can make a last call comment as an IETf contributor that I think the
security is inadequate.

To be quite honest, I was unsure which hat you were wearing when you made your statement. I'm also unsure if it matters.

All that being said, I agree that the security considerations section is missing quite a bit. It should explain the consequences of using this protocol from a security point of view. And the big thing it left out, is that not only should it mention that there are alternatives, but it should explicitly state what they are. In this case, the security considerations section ought to specifically point to XPC, which is also from the CRISP wg and being IETF last called at the moment. That draft is draft-ietf-crisp-iris-xpc-04.txt; a review of it would be helpful.

-andy


_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

References:
- RE: Last Call: 'A Lightweight UDP Transfer Protocol for the the I nternet Registry Information Service' to Proposed Standard (draft-ietf-cr isp-iris-lwz)
  - From: Gray, Eric
- Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the I nternet Registry Information Service' to Proposed Standard (draft-ietf-cr isp-iris-lwz)
  - From: Sam Hartman

Prev by Date: Re: L2VPNs must not be IP(v4)-only
Next by Date: Re: L2VPNs must not be IP(v4)-only
Previous by thread: Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the I nternet Registry Information Service' to Proposed Standard (draft-ietf-cr isp-iris-lwz)
Next by thread: Announcement of mailing list for pre-congestion notification (PCN)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the I nternet Registry Information Service' to Proposed Standard (draft-ietf-cr isp-iris-lwz)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.