[secdir] secdir review of draft-ietf-rmt-pi-norm-revised-09
"David Harrington" <ietfdbh@comcast.net> Fri, 10 April 2009 19:55 UTC
Return-Path: <ietfdbh@comcast.net>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3FB8A3A6B68 for <secdir@core3.amsl.com>; Fri, 10 Apr 2009 12:55:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.724
X-Spam-Level:
X-Spam-Status: No, score=-1.724 tagged_above=-999 required=5 tests=[AWL=-0.614, BAYES_05=-1.11]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TdtXI5xbj8Fy for <secdir@core3.amsl.com>; Fri, 10 Apr 2009 12:55:28 -0700 (PDT)
Received: from QMTA03.westchester.pa.mail.comcast.net (qmta03.westchester.pa.mail.comcast.net [76.96.62.32]) by core3.amsl.com (Postfix) with ESMTP id 38E8C3A680C for <secdir@ietf.org>; Fri, 10 Apr 2009 12:55:28 -0700 (PDT)
Received: from OMTA14.westchester.pa.mail.comcast.net ([76.96.62.60]) by QMTA03.westchester.pa.mail.comcast.net with comcast id dv1B1b0071HzFnQ53vwGi4; Fri, 10 Apr 2009 19:56:16 +0000
Received: from Harrington73653 ([24.147.240.21]) by OMTA14.westchester.pa.mail.comcast.net with comcast id dvwc1b00F0UQ6dC3avwcZn; Fri, 10 Apr 2009 19:56:37 +0000
From: David Harrington <ietfdbh@comcast.net>
To: secdir@ietf.org, Pasi.Eronen@nokia.com, tim.polk@nist.gov
Date: Fri, 10 Apr 2009 15:56:35 -0400
Message-ID: <03a101c9ba16$74bf49f0$0600a8c0@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acm6FnPhmb2bGw/9SquiIT3AtmLbSg==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Cc: 'Magnus Westerlund' <magnus.westerlund@ericsson.com>, 'Lorenzo Vicisano' <lorenzo@vicisano.net>, adamson@itd.nrl.navy.mil, M.Handley@cs.ucl.ac.uk, cabo@tzi.org, macker@itd.nrl.navy.mil
Subject: [secdir] secdir review of draft-ietf-rmt-pi-norm-revised-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Apr 2009 19:55:29 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The document specifies a protocol (or an update to a protocol) that provides end-to-end reliable transport of bulk data objects or streams over multicast routing and forwarding services. It also provides a congestion control scheme. It is designed to permit different upper layer services to utilize its services in different ways. I got to this review late, so I went straight to the security considerations first. I found the security requirements wishy-washy. Per BCP61, MUSTs are for implementers, SHOULDs are for deployers. There are few MUSTs or REQUIREDs to guide implementators what MUST be present for interoperable security capabilities in an compliant implementation. There are lots of SHOULDs, RECOMMENDEDs, MAY, can be, is possible, is expected, optionally, etc. in the "Baseline Secure NORM Operation". On the other hand, there are lots of SHALLs and REQUIREDs for how deployers MUST configure their security. I am not sure how interoperable the security for this "standard" will be because there are so many allowable options for how one does security. This protocol is not a security protocol. It is a protocol that utilizes lower layer security services, so maybe this "wishy-washy" approach is the correct approach to serve the real-world needs of NORM implementers and deployers. But I would feel more comfortable with something a bit more solid in terms of what MUST be present for security capabilities in compliant implementations. It might help a lot to separate the security considerations into what MUST be implemented for interoperability, and how deployments SHOULD be configured, and then talk about optional extensions or alternatives. As currently written, I am not sure I could figure out just what an implementer MUST support. David Harrington dbharrington@comcast.net ietfdbh@comcast.net dharrington@huawei.com
- [secdir] secdir review of draft-ietf-rmt-pi-norm-… David Harrington
- Re: [secdir] secdir review of draft-ietf-rmt-pi-n… Brian Adamson
- Re: [secdir] secdir review of draft-ietf-rmt-pi-n… David Harrington
- Re: [secdir] secdir review of draft-ietf-rmt-pi-n… Brian Adamson
- [secdir] Update: draft-ietf-rmt-pi-norm-revised-10 Brian Adamson
- [secdir] [IANA #236966] Re: Last Call: draft-ietf… Amanda Baber via RT