[Nea] Comments on draft--sangster-nea-pa-tnc-security-00.txt

To: "nea at ietf.org" <nea at ietf.org>
Subject: [Nea] Comments on draft--sangster-nea-pa-tnc-security-00.txt
From: Gary Tomlinson <gtomlinson at SonicWALL.com>
Date: Fri, 29 Feb 2008 16:33:18 -0800
Delivered-to: ietfarch-nea-web-archive at core3.amsl.com
Delivered-to: nea at core3.amsl.com
List-archive: <http://www.ietf.org/pipermail/nea>
List-help: <mailto:nea-request@ietf.org?subject=help>
List-id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-post: <mailto:nea@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
Sender: nea-bounces at ietf.org
Thread-index: Ach7M9gmFnkO6OcnEdyVBwAbY6BmHA==
Thread-topic: Comments on draft--sangster-nea-pa-tnc-security-00.txt
User-agent: Microsoft-Entourage/11.4.0.080122

The following are some purely editorial comments regarding the individual
submission draft-sangster-nea-pa-tnc-security-00.txt.

Given how many ways there are to slice security, I am keen to see what
others in the WG and the IETF security area have to offer up as alternatives
to securing the PA-TNC protocol.  I will say this draft does make sense to
me as a rational approach to the problem.

Page 6. Section 2.3, CMS Protected Content Attribute.  This is a new PA-TNC
name space attribute and as such needs to be defined as an extension to the
IANA PA-TNC attribute type registry defined by
draft-sangster-nea-pa-tnc-00.txt section 7.2.  I believe it would be value 9
in this registry.  I also think a new section 5.x needs to be created in
this specification providing IANA guidance on the extension of this
registry.

Page 21, section 2.4, Security Capabilities Attribute.  Even though the
document specified how to distinguish CMS attributes from PA-TNC attributes,
I still found this section difficult to read.  I think if the PA-TNC
attribute were to be referred to as "PA Security Capabilities attribute
type", and the CMS attribute to be referred to as "CMS Security Capabilities
attribute"it would be much easier to understand.  Also, the "PA Security
Capabilities attribute type" is a new PA-TNC name space attribute that needs
to be defined as an extension to the IANA PA-TNC attribute type registry
defined by draft-sangster-nea-pa-tnc-00.txt section 7.2.  I believe it would
be value 10 in this registry.  It too also needs to be added the new section
5.x  in this specification providing IANA guidance on the extension of this
registry.

Page 44, section 5. This registry was already specified in the PA-TNC
specification draft-sangster-nea-pa-tnc-00.txt section 7.3.  I believe in
this document there is a need to extend this registry.

Page 44, section 5.1, PA-TNC Error Codes.  These code values overlap those
already established in the PA-TNC specification.  I believe all of these
need to be relocated up by a value of 3.

Gary

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www.ietf.org/mailman/listinfo/nea

Prev by Date: [Nea] Comments on draft-sangster-nea-pa-tnc-00..txt
Next by Date: [Nea] Process for reviewing PA and PB candidate proposals
Previous by thread: [Nea] Comments on draft-sangster-nea-pa-tnc-00..txt
Next by thread: [Nea] Process for reviewing PA and PB candidate proposals
Index(es):
- Date
- Thread

[Nea] Comments on draft--sangster-nea-pa-tnc-security-00.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.